[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC

To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
From: Andre Liese <[email protected]>
Date: Tue, 29 Oct 2002 17:59:05 +0100
References: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello,

when the node which handels the connection (are you sure it is the right
node? Take a look at the firewall log...) fails and changes its state to
offline, do you lose the ftp-connection after some time?
Normally the (offline) gateway will be closed for any traffic.
If you use a crosslinked twisted pair cable, the test will fail on both
nodes.
Probably the last node will work on, however it should be down.
To be sure -> forceoffline...

Regards
  Andre



> Hello,
> Thank you so much for your information.
> I have configured the "test subsystem" as follows,
> #distribute on each node
> "gatewaytest_1" 30 online alert 2 1000 multi-ping 200.240.2.4 192.168.1.10
> distribute on node 1
> "linkstatus_1_1_1" 15 online offline 1 1 networkinterface-linkstatus sbif0
> "linkstatus_1_1_2" 15 online offline 1 1 networkinterface-linkstatus sbif1
> "ifacestatus_1_1_3" 15 online offline 1 500 networkinterface-up sbif0
> "ifacestatus_1_1_4" 15 online offline 1 500 networkinterface-up sbif1
> distribute on node 2
> "linkstatus_1_2_1" 15 online offline 1 1 networkinterface-linkstatus sbif1
> "linkstatus_1_2_2" 15 online offline 1 1 networkinterface-linkstatus sbif3
> "ifacestatus_1_2_3" 15 online offline 1 500 networkinterface-up sbif1
> "ifacestatus_1_2_4" 15 online offline 1 500 networkinterface-up sbif3
>
> After I remove a cable from a operative interface, the test subsystem
> recognized the failing node and the status of the node became offline,
> however, the traffic does not move to the other node. But I remove a
> cable of heartbeat interface, the failover will occur.
> any idea?
>
> Regards,
>
> --Wen
>
> andre.liese> we're running an older version of Stonebeat (2.0 & Firewall-1
> 4.1)
> andre.liese>
> andre.liese> You can configure the "test subsystem". For example it can
> monitor firewall
> andre.liese> processes or the status of the NICs ...
> andre.liese> You have to configure a test routine for the NICs. If you
> then remove a
> andre.liese> cable from on node, the test subsystem will recognize the
> failing node an moves
> andre.liese> the traffic transparently to the other.
> andre.liese>
> andre.liese> Perhaps it helps ;-)
> andre.liese>
> andre.liese> Regards
> andre.liese> Andr�
> andre.liese>
> andre.liese>
> andre.liese> Hi Horst,
> andre.liese> Thanks so much for your information.
> andre.liese> > as far as I found out with our installation (StoneBeat
> Fullcluster 3.0 and
> andre.liese> > NG FP2 on Solaris 8) the failover only occurs if the
> heartbeat wents down
> andre.liese> or
> andre.liese> > by sbfc command.
> andre.liese>
> andre.liese> Yes, it is the same situation with me. But in the manual of
> "StoneBeat
> andre.liese> FullCluster
> andre.liese> Administator's Guide", They said "If a StoneBeat FullCluster
> firewall node
> andre.liese> fails, it is switched
> andre.liese> offline
> andre.liese> and the traffic going through it is moved to other firewall
> nodes." and
> andre.liese> "StoneBeat FullCluster can
> andre.liese> preserve all existing connection over a failover."
> andre.liese> Is that true?!
> andre.liese>
> andre.liese> Regards,
> andre.liese>
> andre.liese> --Wen
> andre.liese>
> andre.liese>
> andre.liese>
> andre.liese> > -----Urspr�ngliche Nachricht-----
> andre.liese> > Von: Mailing list for discussion of Firewall-1
> andre.liese> > [mailto:[email protected]]Im
> Auftrag von Wen
> andre.liese> > Guangcheng
> andre.liese> > Gesendet: Donnerstag, 24. Oktober 2002 04:44
> andre.liese> > An: [email protected]
> andre.liese> > Betreff: [FW-1] Problem about High Availability of SBFC
> andre.liese> >
> andre.liese> >
> andre.liese> > Hi ALL,
> andre.liese> > I have installed StoneBeat FullCluster3.0(SP1) in two
> Solaris8 boxs with
> andre.liese> > FW-1 (NG FP2).
> andre.liese> > In order to test whether SBFC can preserve existing
> connection over a
> andre.liese> > failover,
> andre.liese> > I send a big file from a local net to a remote net by ftp.
> During the ftp
> andre.liese> > transportation
> andre.liese> > I remove a LAN cable from a cluster operative interface of
> the FW in which
> andre.liese> > the ftp
> andre.liese> > transportation is passing through. The connection of ftp
> will be lost and
> andre.liese> > the connection
> andre.liese> > does not move to another FW. If  I use the command "sbfc
> offline 1"
> andre.liese> without
> andre.liese> > removing
> andre.liese> > the LAN cable from the operative interface, the connection
> of ftp will be
> andre.liese> > preserved and
> andre.liese> > the transportation will move to  another FW.   Do I miss
> something in the
> andre.liese> > configuration?
> andre.liese> > Any help or suggestion is highly appreciated.
> andre.liese> >
> andre.liese> > Best regards,
> andre.liese> >
> andre.liese> > --Wen
> andre.liese> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

--
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr f�r 1 ct/ Min. surfen!

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
  - From: Guangcheng Wen <[email protected]>

References:
- Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
  - From: Guangcheng Wen <[email protected]>

Prev by Date: Re: [FW-1] Question on IP pools NAT
Next by Date: [FW-1] upgrade verifier utility!
Prev by thread: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
Next by thread: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
Index(es):
- Date
- Thread