Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] AW: [FW-1] AW: [FW-1] Stonebeat Sync Problems

To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] AW: [FW-1] Stonebeat Sync Problems
From: Skar <[email protected]>
Date: Fri, 19 Sep 2003 04:29:45 -0700
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Excuse me,
Does stonebeat fullcluster is certified for NG AI? As
CP doesn't give support; stated that it's not
certified.

--- "Vogel, Jochen" <[email protected]> wrote:
> Hi,
>
> here is the nice answer from stonebeat
>
> FullCluster can be used with firewalls that do not
> have any state sync mechanism as well as with those
> firewalls, that have state sync mechanism.
> Even if firewall has a state sync mechanism, there
> can be reasons why that mechanism can not be used.
> During upgrade, when nodes have different versions
> from firewall software, state sync can crash the
> system. Some memory structure problems are more
> easily seen when state information is synced. A bug
> or limitation in the firewall software can prevent
> using sync in some platforms or in the case of some
> special kind of traffic.
>
> FullCluster has been designed in a way that it does
> not need state sync during normal operation. Instead
> of trusting that state sync fixes problems with
> asymmetry, connections are handled symmetrically.
> The role of state sync is only to support fail-over
> of connections when there is a need to move
> connections between nodes. If state sync can not be
> used, then existing connections are lost in such
> situation.
>
> State sync is a FW-1 feature, that has been in FW-1
> for a long time. Currently it is located and
> configured under ClusterXL settings, even when using
> state sync does not need any clusterXL license or
> actual clusterXL functionality. When some FW-1
> version is tested with FullCluster, it does not mean
> that this specific FW-1 version is claimed to be
> free from limitations and bugs. It is tested that
> FullCluster does not prevent the firewall version
> from operating at the level that FW-1 version
> operates. Installing FullCluster does not remove any
> limitations that FW-1 version might have.
>
>
------------------------------------------------------
>
> today i upgraded all checkpoints to NG AI.
> it seems to be working fine.
>
> regards
> jo
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Ruiyuan Jiang [mailto:[email protected]]
> > Gesendet am: Dienstag, 16. September 2003 13:27
> > An: [email protected]
> > Betreff: Re: [FW-1] AW: [FW-1] Stonebeat Sync
> Problems
> >
> > Yes, you can install StoneBeat FullCluster 3.0
> with Solaris 9
> > but CheckPoint
> > NG FP3's state sync does not work with Solaris 9
> and that is where the
> > problem is.
> >
> > Ryan Jiang
> >
> > -----Original Message-----
> > From: Edouard Zorrilla
> [mailto:[email protected]]
> > Sent: Monday, September 15, 2003 3:26 PM
> > To: [email protected]
> > Subject: Re: [FW-1] AW: [FW-1] Stonebeat Sync
> Problems
> >
> >
> > So, can I install StoneBeat FullCluster 3.0 with
> Solaris 9 ?.
> > By the way,
> > somebody has installed SBFC 3.0 with Solaris 9?, i
> have
> > serious problems
> > doing it. I was wandering if you would mind send
> me some
> > manual instalation
> > for it !
> >
> > Thanks for your help
> >
> > Edouard Zorrilla
> > ----- Original Message -----
> > From: "Vogel, Jochen" <[email protected]>
> > To: <[email protected]>
> > Sent: Monday, September 15, 2003 12:54 PM
> > Subject: [FW-1] AW: [FW-1] Stonebeat Sync Problems
> >
> >
> > hi ryan,
> >
> > in the release notes solaris9 (64bit) are
> supported
> >
>
ftp://download.stonesoft.com/web/Support/StoneBeat/PublicDocs/
> > FullCluster/fw
> > -1/3.0/release-notes/sbfc30sp3-2relnote.pdf
> >
> >
> >
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Ruiyuan Jiang
> [mailto:[email protected]]
> > > Gesendet am: Montag, 15. September 2003 19:24
> > > An: [email protected]
> > > Betreff: Re: [FW-1] Stonebeat Sync Problems
> > >
> > > I think CheckPoint only certifys Solaris 8 with
> NG FP3. NG
> > > FP3 does not
> > > support Solaris 9 with State Sync. You have to
> downgrade to
> > > Solaris 8. That
> > > is what happened to me when I first installed
> Solaris 9.
> > >
> > >
> > > Ryan Jiang
> > > Senior UNIX adminstrator
> > >
> > > -----Original Message-----
> > > From: Vogel, Jochen
> [mailto:[email protected]]
> > > Sent: Monday, September 15, 2003 12:13 PM
> > > To: [email protected]
> > > Subject: [FW-1] Stonebeat Sync Problems
> > >
> > >
> > > Hi,
> > >
> > > i use
> > > -Solaris9
> > > -Stonebeat3.0SP2
> > > -CheckpointNG.FP3.HF2
> > >
> > > -the cluster object is created and sync enabled
> > > -the sync is in cpconfig enabled
> > >
> > > if i ping from the cluster an other system i get
> drops from
> > > one system with
> > > out of state messages
> > >
> > > with fw tab -t connections -f i can see that the
> state table doesn´t
> > > correlate.
> > >
> > > with fw ctl pstat i can see that the snyc send
> but didnt receive
> > > sync new ver working
> > > sync out: on  sync in: on
> > > sync packets sent:
> > > total: 16 retransmitted: 0 retrans reqs: 0 acks:
> 0
> > > sync packets received:
> > > total 0 of which 0 queued and 0 dropped by net
> > > also received 0 retrans reqs and 0 acks to 0 cb
> requests
> > >
> > > if i try to ping the other machine in the
> heartbeat net i get
> > > Sep 15 18:02:35 cfwc1n1.activest.de fw:
> fwstrmod_filter(out):
> > > no interface
> > > information (eab1d8)
> > >
> > > at boottime i can see
> > > configuring IPv4 interfaces:NOTICE:
> sbuwput_proto(29): DL_OUTSTATE
> > > ip: joining multicasts failed (3) on sbif0 -
> will use link
> > > layer broadcasts
> > > for multicast
> > >
> > > ifconfig sbif0 shows
> > > sbif0:
> > >
>
flags=1001843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,IPv4>
> mtu
> > > 1500 index 2
> > > inet 192.168.92.33 netmask fffffff0 broadcast
> 192.168.92.47
> > >
> > > ether 8:0:20:c9:44:49
> > >
> > > thx for help
> > > jo
> > >
> > >
> =================================================
> > > To set vacation, Out-Of-Office, or away
> messages,
> > > send an email to
> [email protected]
>
=== message truncated ===


=====
------------
Sick Boy

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] AW: [FW-1] AW: [FW-1] Stonebeat Sync Problems
  - From: "Vogel, Jochen" <[email protected]>

Prev by Date: [FW-1]
Next by Date: [FW-1]
Previous by thread: [FW-1] AW: [FW-1] AW: [FW-1] Stonebeat Sync Problems
Next by thread: [FW-1] Smart Defense
Index(es):
- Date
- Thread