[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC

To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
From: Guangcheng Wen <[email protected]>
Date: Wed, 30 Oct 2002 10:02:05 +0900
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello,
Thanks a lot for your help.

andre.liese> when the node which handels the connection (are you sure it is the right
andre.liese> node? Take a look at the firewall log...) fails and changes its state to
andre.liese> offline,

Sure. I have checked both of firewall log viewer and sbfc status.

do you lose the ftp-connection after some time?

Yes.

andre.liese> Normally the (offline) gateway will be closed for any traffic.
andre.liese> If you use a crosslinked twisted pair cable, the test will fail on both
andre.liese> nodes.

My LAN cable is not a crosslinked twisted pair one.

andre.liese> Probably the last node will work on, however it should be down.
andre.liese> To be sure -> forceoffline...

If I force offline by command "sbfc offline n" (n is the id of node which
is handeling the connection), a fialover will occur and the traffic will
move to the other node. Do I have to keep the time synchronized between
the two nodes?

Regards,

--Wen

andre.liese> > Hello,
andre.liese> > Thank you so much for your information.
andre.liese> > I have configured the "test subsystem" as follows,
andre.liese> > #distribute on each node
andre.liese> > "gatewaytest_1" 30 online alert 2 1000 multi-ping 200.240.2.4 192.168.1.10
andre.liese> > distribute on node 1
andre.liese> > "linkstatus_1_1_1" 15 online offline 1 1 networkinterface-linkstatus sbif0
andre.liese> > "linkstatus_1_1_2" 15 online offline 1 1 networkinterface-linkstatus sbif1
andre.liese> > "ifacestatus_1_1_3" 15 online offline 1 500 networkinterface-up sbif0
andre.liese> > "ifacestatus_1_1_4" 15 online offline 1 500 networkinterface-up sbif1
andre.liese> > distribute on node 2
andre.liese> > "linkstatus_1_2_1" 15 online offline 1 1 networkinterface-linkstatus sbif1
andre.liese> > "linkstatus_1_2_2" 15 online offline 1 1 networkinterface-linkstatus sbif3
andre.liese> > "ifacestatus_1_2_3" 15 online offline 1 500 networkinterface-up sbif1
andre.liese> > "ifacestatus_1_2_4" 15 online offline 1 500 networkinterface-up sbif3
andre.liese> >
andre.liese> > After I remove a cable from a operative interface, the test subsystem
andre.liese> > recognized the failing node and the status of the node became offline,
andre.liese> > however, the traffic does not move to the other node. But I remove a
andre.liese> > cable of heartbeat interface, the failover will occur.
andre.liese> > any idea?
andre.liese> >
andre.liese> > Regards,
andre.liese> >
andre.liese> > --Wen
andre.liese> >
andre.liese> > andre.liese> we're running an older version of Stonebeat (2.0 & Firewall-1
andre.liese> > 4.1)
andre.liese> > andre.liese>
andre.liese> > andre.liese> You can configure the "test subsystem". For example it can
andre.liese> > monitor firewall
andre.liese> > andre.liese> processes or the status of the NICs ...
andre.liese> > andre.liese> You have to configure a test routine for the NICs. If you
andre.liese> > then remove a
andre.liese> > andre.liese> cable from on node, the test subsystem will recognize the
andre.liese> > failing node an moves
andre.liese> > andre.liese> the traffic transparently to the other.
andre.liese> > andre.liese>
andre.liese> > andre.liese> Perhaps it helps ;-)
andre.liese> > andre.liese>
andre.liese> > andre.liese> Regards
andre.liese> > andre.liese> Andr�
andre.liese> > andre.liese>
andre.liese> > andre.liese>
andre.liese> > andre.liese> Hi Horst,
andre.liese> > andre.liese> Thanks so much for your information.
andre.liese> > andre.liese> > as far as I found out with our installation (StoneBeat
andre.liese> > Fullcluster 3.0 and
andre.liese> > andre.liese> > NG FP2 on Solaris 8) the failover only occurs if the
andre.liese> > heartbeat wents down
andre.liese> > andre.liese> or
andre.liese> > andre.liese> > by sbfc command.
andre.liese> > andre.liese>
andre.liese> > andre.liese> Yes, it is the same situation with me. But in the manual of
andre.liese> > "StoneBeat
andre.liese> > andre.liese> FullCluster
andre.liese> > andre.liese> Administator's Guide", They said "If a StoneBeat FullCluster
andre.liese> > firewall node
andre.liese> > andre.liese> fails, it is switched
andre.liese> > andre.liese> offline
andre.liese> > andre.liese> and the traffic going through it is moved to other firewall
andre.liese> > nodes." and
andre.liese> > andre.liese> "StoneBeat FullCluster can
andre.liese> > andre.liese> preserve all existing connection over a failover."
andre.liese> > andre.liese> Is that true?!
andre.liese> > andre.liese>
andre.liese> > andre.liese> Regards,
andre.liese> > andre.liese>
andre.liese> > andre.liese> --Wen
andre.liese> > andre.liese>
andre.liese> > andre.liese>
andre.liese> > andre.liese>
andre.liese> > andre.liese> > -----Urspr�ngliche Nachricht-----
andre.liese> > andre.liese> > Von: Mailing list for discussion of Firewall-1
andre.liese> > andre.liese> > [mailto:[email protected]]Im
andre.liese> > Auftrag von Wen
andre.liese> > andre.liese> > Guangcheng
andre.liese> > andre.liese> > Gesendet: Donnerstag, 24. Oktober 2002 04:44
andre.liese> > andre.liese> > An: [email protected]
andre.liese> > andre.liese> > Betreff: [FW-1] Problem about High Availability of SBFC
andre.liese> > andre.liese> >
andre.liese> > andre.liese> >
andre.liese> > andre.liese> > Hi ALL,
andre.liese> > andre.liese> > I have installed StoneBeat FullCluster3.0(SP1) in two
andre.liese> > Solaris8 boxs with
andre.liese> > andre.liese> > FW-1 (NG FP2).
andre.liese> > andre.liese> > In order to test whether SBFC can preserve existing
andre.liese> > connection over a
andre.liese> > andre.liese> > failover,
andre.liese> > andre.liese> > I send a big file from a local net to a remote net by ftp.
andre.liese> > During the ftp
andre.liese> > andre.liese> > transportation
andre.liese> > andre.liese> > I remove a LAN cable from a cluster operative interface of
andre.liese> > the FW in which
andre.liese> > andre.liese> > the ftp
andre.liese> > andre.liese> > transportation is passing through. The connection of ftp
andre.liese> > will be lost and
andre.liese> > andre.liese> > the connection
andre.liese> > andre.liese> > does not move to another FW. If  I use the command "sbfc
andre.liese> > offline 1"
andre.liese> > andre.liese> without
andre.liese> > andre.liese> > removing
andre.liese> > andre.liese> > the LAN cable from the operative interface, the connection
andre.liese> > of ftp will be
andre.liese> > andre.liese> > preserved and
andre.liese> > andre.liese> > the transportation will move to  another FW.   Do I miss
andre.liese> > something in the
andre.liese> > andre.liese> > configuration?
andre.liese> > andre.liese> > Any help or suggestion is highly appreciated.
andre.liese> > andre.liese> >
andre.liese> > andre.liese> > Best regards,
andre.liese> > andre.liese> >
andre.liese> > andre.liese> > --Wen
andre.liese> > andre.liese> >
andre.liese> >
andre.liese> > =================================================
andre.liese> > To set vacation, Out Of Office, or away messages,
andre.liese> > send an email to [email protected]
andre.liese> > in the BODY of the email add:
andre.liese> > set fw-1-mailinglist nomail
andre.liese> > =================================================
andre.liese> > To unsubscribe from this mailing list,
andre.liese> > please see the instructions at
andre.liese> > http://www.checkpoint.com/services/mailing.html
andre.liese> > =================================================
andre.liese> > If you have any questions on how to change your
andre.liese> > subscription options, email
andre.liese> > [email protected]
andre.liese> > =================================================
andre.liese> >
andre.liese>
andre.liese> --
andre.liese> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
andre.liese> NEU: Mit GMX ins Internet. Rund um die Uhr f�r 1 ct/ Min. surfen!
andre.liese>
andre.liese> =================================================
andre.liese> To set vacation, Out Of Office, or away messages,
andre.liese> send an email to [email protected]
andre.liese> in the BODY of the email add:
andre.liese> set fw-1-mailinglist nomail
andre.liese> =================================================
andre.liese> To unsubscribe from this mailing list,
andre.liese> please see the instructions at
andre.liese> http://www.checkpoint.com/services/mailing.html
andre.liese> =================================================
andre.liese> If you have any questions on how to change your
andre.liese> subscription options, email
andre.liese> [email protected]
andre.liese> =================================================
andre.liese>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
  - From: Andre Liese <[email protected]>

References:
- Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
  - From: Guangcheng Wen <[email protected]>
- Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
  - From: Andre Liese <[email protected]>

Prev by Date: [FW-1] Backup NG rulebases and objects
Next by Date: Re: [FW-1] Backup NG rulebases and objects
Prev by thread: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
Next by thread: Re: [FW-1] AW: [FW-1] Problem about High Availability of SBFC
Index(es):
- Date
- Thread