Echoing Khieven's sentiments, in your configuration, you
really should have
spearate heartbeat and sync interfaces in your active/active
config --
otherwise mass havok may ensue.
Best of luck!
______________________________________
Michael E. Natkin
Security Engineer, NJ/PA
Check Point Software Technologies, Inc.
mnatkin us.checkpoint.com
Mobile: 570-371-8355
Skype / Yahoo / AIM: menatkin
MSN Messenger: menatkinlive.com
This information is intended only for the person to whom it
is addressed and
may contain confidential material. If you are not the
intended recipient,
you are hereby notified that any action taken upon this
message is
prohibited. If you received this in error, please contact
the sender and
delete the material from any computer.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Khievhen
TEA
Sent: Friday, March 28, 2008 4:28 AM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Checkpoint synchronization interface ip
address
assistance needed
Hello,
You are using an Active/Active cluster, as you talked about
Checkpoint and
Nokia, I think you are also using IP Cluster.
Are you using the same network for the Checkpoint synch and
the IPSO Cluster
Protocol?
In this case you should have trouble.
I am also using /30 for my Checkpoint synch network and I
have never
experimented any issues with that. But I am using Nokia VRRP
Master/Slave.
So if you have any informations from both Nokia and
Checkpoint regarding
this, I would be grateful.
Best regards,
Khievhen
2008/3/28, cisco4ng <cisco4ngyahoo.com>:
>
> I have lot of issues with out-of-state packet and
sqlnet traffics not
> working
> one day and work the next. Lot of intermittent
issues.
>
> Once I started changing the sync interface from/30 to
/28, everything has
> been working fine for the past 2 weeks. There were NO
changes on the
> servers side.
>
> I am using ClusterXL Active/Active unicast mode. I
just remembered having
> this conversation years ago with Checkpoint/Nokia so I
am trying to find
> the
> documentation for it.
>
>
> sin <sinIMACANDI.NET> wrote: cisco4ng wrote:
> > Can someone help me with this issue?
> >
> > I remembered having this conversation with both
Nokia
> > and Checkpoint engineers when we rolled out
Checkpoint
> > NG Feature Pack 3 on Nokia platforms. I
recalled
> > that both engineers Checkpoint and Nokia told me
> > that the "SYNC" interface must have at
least /28
> > netmask. In other words, it must have at least
> > 255.255.255.240 netmask. For example, my sync
> > interface must be at least
10.0.0.0/255.255.255.240.
> > I recalled that the engineers told that by by
having
> > the "SYNC" interface with a netmask of
/29, /30 will
> > cause stability issues.
> >
> > Can anyone tell me where I can find this
documentation?
>
> all the 2 member clusters I installed starting with
NG-AI were setup
> with a /30 and they work fine till this day. what
problems are you
> experiecing ?
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>
>
>
>
> ---------------------------------
> Looking for last minute shopping deals? Find them fast
with Yahoo!
> Search.
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
