|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] AW: [FW-1] VRRP Nokia / CP-NG
How did you configure the VRRP in 3.7 ? - Legacy mode ? - Cluster mode ? Did you configure the monitoring circuit in the VRRP ? Did you try a restart the HA module ? My understanding is You manage to failover, iclid>sh vrrp shows that the fw1 is backup and fw2 is master. And you also manage to failback, but the state session does not get transferred. Is this assumption right ? How did you fail over ?, physically or through the voyager (uncheck the interface). I have faced a problem before that if you unplug the cable manually, it takes some time for it to reinstate the interface state, i assumed it was something to do with the switch, but when I tried it through Nokia Voyager, I down the int from the GUI, it works fine. Some ways to troubleshoot the connections status. fw tab -t connections -s (to check for the connection state) iclid > sh vrrp tcpdump the sync int.(you should see both I and O) Cheers Ganesh C -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Hintz Marc Sent: Friday, October 17, 2003 12:19 AM To: [email protected] Subject: [FW-1] AW: [FW-1] VRRP Nokia / CP-NG For example, I lost the ssh-session through the firewall if the master shift from one to the other. I have to reconnect since I have upgraded. I can't see traffic on the vrrp-sync interface? I think I should see the informations about the connections for the backup firewall? Best regards Marc -----Ursprüngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[email protected]]Im Auftrag von Ganesharatnam C Gesendet: Freitag, 17. Oktober 2003 18:48 An: [email protected] Betreff: Re: [FW-1] VRRP Nokia / CP-NG What do you mean the new master lost all the old connections ? Thanks Ganesh C I have a Nokia IP440/IPSO 3.7 cluster with CP-NG FP3. The Nokia VRRP works fine until I have upgraded from IPSO 3.5 / CP-4.1. The shifting from the master to the backup works fine. But the new master lost all the old connections. I have made the changes from Nokia Resolution 13770 in the CP-rulebase. No effect! The VRRP sync runs over a dedicated interface. I can't see any traffic on these interfaces. A ping from one to the other on these interfaces works. On the other interfaces I can see the VRRP traffic: tcpdump: listening on eth-s3p1 11:50:00.710385 O 10.62.32.66 > 224.0.0.18: VRRPv2-adver 20: vrid 65 pri 250 [tos 0xc0] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ___________________________________________________________________________________________________________________________________________________________________ This mail is protected by Silicon Communications S/B The information contained in this message maybe confidential and protected from disclosure. If you are not the intended recipient of this message, please delete this message immediately. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. ~~~This email has been scanned by our anti-virus system. For precaution, please make sure you scan every attachment in this email. Please use at your own risk. Thank you. :) Mailadmin~~~ ___________________________________________________________________________________________________________________________________________________________________ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
