Checkpoint synchronization interface ip address assistance needed

Can someone help me with this issue?
 
 I remembered having this conversation with both Nokia
 and Checkpoint engineers when we rolled out Checkpoint
 NG Feature Pack 3 on Nokia platforms.  I recalled
 that both engineers Checkpoint and Nokia told me
 that the "SYNC" interface must have at least /28

 netmask.  In other words, it must have at least
 255.255.255.240 netmask.  For example, my sync
 interface must be at least 10.0.0.0/255.255.255.240.
 I recalled that the engineers told that by by having
 the "SYNC" interface with a netmask of /29, /30
will
 cause stability issues.  
 
 Can anyone tell me where I can find this documentation?
 
 Thanks in advance.
       
---------------------------------
Looking for last minute shopping deals?  Find them fast with
Yahoo! Search.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

cisco4ng wrote:
> Can someone help me with this issue?
>  
>  I remembered having this conversation with both Nokia
>  and Checkpoint engineers when we rolled out
Checkpoint
>  NG Feature Pack 3 on Nokia platforms.  I recalled
>  that both engineers Checkpoint and Nokia told me
>  that the "SYNC" interface must have at least
/28 
>  netmask.  In other words, it must have at least
>  255.255.255.240 netmask.  For example, my sync
>  interface must be at least 10.0.0.0/255.255.255.240.
>  I recalled that the engineers told that by by having
>  the "SYNC" interface with a netmask of /29,
/30 will
>  cause stability issues.  
>  
>  Can anyone tell me where I can find this
documentation?

all the 2 member clusters I installed starting with NG-AI
were setup 
with a /30 and they work fine till this day. what problems
are you 
experiecing ?

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

cisco4ng <cisco4ngYAHOO.COM> wrote:
>
> I recalled that both engineers Checkpoint and Nokia
told me that the
> "SYNC" interface must have at least /28
netmask.

The only time I have seen any weird requirements on Sync
netmask is on
the Nortel ASF, where the Sync network must have exactly the
same
netmask as the MIP (management) network.  So in our
installation where
we had a /28 netmask for MIP, we were required to use /28
for SYNC even
though every one of our other (Nokia & SPLAT) firewalls
uses /30 for
SYNC.

So, don't know why Nokia or Checkpoint would have told you
that.

- -- 
David DeSimone == Network Admin == foxverio.net
"This email message is intended for the use of the
person to whom
 it has been sent, and may contain information that is
confidential
 or legally protected.  If you are not the intended
recipient or have
 received this message in error, you are not authorized to
copy, dis-
 tribute, or otherwise use this message or its attachments. 
Please
 notify the sender immediately by return e-mail and
permanently delete
 this message and any attachments.  Verio, Inc. makes no
warranty that
 this email is error or virus free.  Thank you." 
--Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFH7CncFSrKRjX5eCoRAnkjAJsGCrtyuG4YMnOi2okpLOXg36ZnmgCg
gnSb
BcYgPsSm3Bz8ITU5nSYid38=
=j7da
-----END PGP SIGNATURE-----

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

I've never heard that. I have multiple pairs built using /30
sync
subnets across various versions, and I'm not having any sync
issues.  

You didn't say what problems you're seeing, so just to take
a shot in
the dark - you didn't accidentally setup vrrp or otherwise
cluster your
sync IP's, did you?  If one of them tried to talk on the
network or
broadcast IP of your /30 subnet, that might cause it some
problems and
impact the stability of your sync traffic.


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of
cisco4ng
Sent: Thursday, March 27, 2008 16:11
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Checkpoint synchronization interface ip
address
assistance needed

Can someone help me with this issue?
 
 I remembered having this conversation with both Nokia
 and Checkpoint engineers when we rolled out Checkpoint
 NG Feature Pack 3 on Nokia platforms.  I recalled
 that both engineers Checkpoint and Nokia told me
 that the "SYNC" interface must have at least /28

 netmask.  In other words, it must have at least
 255.255.255.240 netmask.  For example, my sync
 interface must be at least 10.0.0.0/255.255.255.240.
 I recalled that the engineers told that by by having
 the "SYNC" interface with a netmask of /29, /30
will
 cause stability issues.  
 
 Can anyone tell me where I can find this documentation?
 
 Thanks in advance.
       
---------------------------------
Looking for last minute shopping deals?  Find them fast with
Yahoo!
Search.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
************************************************************
***************
The information contained in this communication is
confidential, is
intended only for the use of the recipient named above, and
may be legally
privileged.

If the reader of this message is not the intended recipient,
you are
hereby notified that any dissemination, distribution or
copying of this
communication is strictly prohibited.

If you have received this communication in error, please
resend this
communication to the sender and delete the original message
or any copy
of it from your computer system.

Thank You.
************************************************************
****************


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

cisco4ng wrote:
> Can someone help me with this issue?
>  
>  I remembered having this conversation with both Nokia
>  and Checkpoint engineers when we rolled out
Checkpoint
>  NG Feature Pack 3 on Nokia platforms.  I recalled
>  that both engineers Checkpoint and Nokia told me
>  that the "SYNC" interface must have at least
/28 
>  netmask.  In other words, it must have at least
>  255.255.255.240 netmask.  For example, my sync
>  interface must be at least 10.0.0.0/255.255.255.240.
>  I recalled that the engineers told that by by having
>  the "SYNC" interface with a netmask of /29,
/30 will
>  cause stability issues.  
>  
>  Can anyone tell me where I can find this
documentation?

all the 2 member clusters I installed starting with NG-AI
were setup 
with a /30 and they work fine till this day. what problems
are you 
experiecing ?

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================