[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] High Availability failing over problem
I assume the two FW's are checking on each other over their regular ethernet ports (as opposed
to a 2nd private LAN connection) ?
- are you using hme nics or qfe?
- have a look at a netstat -k <ifname> eg: netstat -k qfe0
Look for errors (I pasted explanations below, courtesy of Rob Thomas' fine web site!)
card-wise, qfe cards are faster than the built in hme cards. Not sure what kind a U10
has so.. worth a shot anyhow. I know with Rainwall installs, they rec only using qfe.
Not sure about CP's HA needs..
-------------
reading a netstat -k (view in courier)
-------------
example: netstat -k hme0
hme0:
ipackets 85402 ierrors 0 opackets 470 oerrors 0 collisions 1
defer 0 framing 0 crc 0 sqe 0 code_violations 0 len_errors 0
drop 0 buff 0 oflo 0 uflo 0 missed 0 tx_late_collisions 0
retry_error 0 first_collisions 0 nocarrier 0 inits 7 nocanput 0
allocbfail 0 runt 0 jabber 0 babble 0 tmd_error 0 tx_late_error 0
rx_late_error 0 slv_parity_error 0 tx_parity_error 0 rx_parity_error 0
slv_error_ack 0 tx_error_ack 0 rx_error_ack 0 tx_tag_error 0
rx_tag_error 0 eop_error 0 no_tmds 0 no_tbufs 0 no_rbufs 0
rx_late_collisions 0
ipackets packets received
ierrors malformed packets received
opackets packets sent
oerrors output errors
collisions transmit collisions for a given packet
defer deferred output transmissions ( but still sent )
framing packets seen with framing or alignment errors
crc packets received with CRC (checksum) errors
sqe SQE test errors
code_violations code violation errors
len_errors rx len errors (packet too large)
buff buffer errors recv packet sizes > buffer size
drop recv packets dropped
oflo number of recv overflow due to a busy backplane
uflo number of xmit underflow due to a busy backplane
missed input packets recv missed
tx_late_collisions late collisions recv
retry_error number xmit retry failures (for Ethernet, this is > 16
retries)
first_collisions first collisions
nocarrier carrier (link) lost since system boot
inits hardware has been initialized by an ioctl call
nocanput errors trying to send packets upstream, canput() failed
allocbfail times driver ran out of transmit buffers, allocb() failed
runt recv runt (packet size < 64 bytes) packets, often
the product of collisions
jabber jabber (improper electrical signal) errors
babble babble (host transmitting beyond the time limit) errors
tmd_error chained tx desc. errors
tx_late_error SBUS tx late error
rx_late_error SBUS rx late error
slv_parity_error slave parity errors
tx_parity_error tx parity errors
rx_parity_error rx parity errors
slv_error_ack slave error acks
tx_error_ack tx error acks
rx_error_ack rx error acks
tx_tag_error tx tag error
rx_tag_error rx tag error
eop_error eop error
no_tmds out of tmds
no_tbufs out of xmit buffers
no_rbufs out of recv buffers
rx_late_collisions recv late collisions, generally caused by
exceeding the maximum cable length dictates
or faulty hardware
written by:
Rob Thomas, [email protected]
http://www.enteract.com/~robt
>>> Scott Kellerman <[email protected]> 11/06/02 12:57PM >>>
Hi all,
I'm having a problem where my main firewall is failing over to the secondary
firewall. I'm using Checkpoints HA solution. I'm using the following...
Sun Sparc Ultra 10's
version 4.1 SP 4
Solaris 2.7
Here is the error that I see in the logs...
*************************************************************
High Availability: fwd detected a problem (communication problem). Blocking
state at DEAD.
*************************************************************
Has anyone ever seen this error message ?
Any advice would be very helpful
Thanks in advance.
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================