[FW-1] NG FP2 and Nokia IPSO 3.5 arp problem

[Thomas L�thi <Thomas.Luethi@FW1-NOSPAMCNLAB.CH>]

Hello

We have 2 nokia IP530, IPSO 3.5-FCS8 and checkpoint NG FP3. VRRPmc are configured on every interface with a different VRID and connections to the VRRP IPs are enabled in voyager configuration. VRRP is working correctly as i can see with 'iclid show vrrp'. We have 5 masters on machine A and 5 backups on machine B. If I disable one interaface on A, we have 4 backups on A and 5 masters on B. This seems to work correctly

The problem is that I am not able to ping the interface ip when I have pinged the virtual IP before:

Ping to virtual ip -> works
Ping to real ip -> not response

But I receive a arp response for the real ip!

I can delete the arp cache on both machines (nokia and my pc) and try to access the real ip first:

Ping to real ip -> works
Ping to virtual ip -> no response

That means I am not able to access the real ip on the master if I have accessed the virtual ip before.
Is this a known bug?
Is there any solution for that?
Are there any known problems with NGFP3 and IPSO 3.5?

Thanks Thomas

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================