[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] IP Clustering with IPSO 3.7 CVP Problem - Does GOD hates me?
Hello Gurus, We are experiencing a very weird behavior of Firewall 1 AI within a customer. We currently have it deployed over a 2 Nokia IP 650 using IPSO 3.7 and running IP Clustering. We have are not using NAT or VPN. We are also using Trendmicro's Interscan Viruswall for Windows NT 3.52 and a CVP server for HTTP and FTP. The strange behavior is shown when we test the high availability feature of the load sharing capabilities of IP Clustering. When start a FTP connection and we turn of the firewall that is handling that particular connection, the other one does not take it over. It's something like this: If the FTP connection is going through firewall A and firewall A goes down, the connection is lost and must be re-established. If the FTP connection is going through firewall B and firewall B goes down, the connection is lost and must be re-established. If the FTP connection is going through firewall A and firewall B goes down, the connection is not affected. If the FTP connection is going through firewall B and firewall A goes down, the connection is not affected. In other words, the connection is lost if the firewall that goes down is the one the FTP connection was going through. I truly feel this is an incompatibility issue with CVP and IP Clustering, and it's by design. I have already notified checkpoint, but I'd like your opinion on this problem. Can someone give me some advice on this? Thank you! Regards Daniel Accioly Rosa, CISSP Consultant Global Infrastructure Services Phone :55+(21) 3804-5110 Net : 692-5110 UNISYS Imagine it. Done. > This message, including its attachments, is confidential and its contents > are restricted to the addressee. If you have received this message by > accident, please discard its contents by removing it from your mailbox. > Any unauthorized use of this message, replication or dissemination is > expressly prohibited. Unisys is not responsible for the content or > reliability of this information.. > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|