I am attempting to utilize the synchronization capabilities of FW1 ver
3.0b to implement "high-availability" and I am running into a problem.
I have two HPUX C100's configured identically. Installed are a total of
four network interfaces in each.
Interface 1: to the Internet
Interface 2: to the intranet
Interface 3: to the DMZ
Interface 4: to the "firewall sync network"
The firewall sync network only has the two firewalls on it; I am using a
non-internet routable "test" range to address that segment. The
firewalls each have an entry in the /etc/fw/conf/sync.conf file
pointing to their counterpart.
Here is the problem:
I am continuously seeing a "Got Connection from firewall-1"
then immediately seeing a "End Connection from firewall-1"
These messages appear simultaneously on both firewall consoles. Logs
appear to be shared, but state tables only seem to be shared part of the
time.
Checkpoint suggested that if the two machines' system clocks were more
than 5 seconds out of synchronization, it could cause this problem.
We set the clocks to the same time, and tested, still no luck. We even
installed ntp between them and it did not change the results.
Anyone have any ideas?
- - -/ W. Ian Schlueter    ian . schlueter @ avnet . com
- - / Project Manager, Global Internet/intranet support
- -/ Avnet, Inc. Chandler, AZ
- / (602) 940-5977