Schlueter, Ian wrote:
>
> I am attempting to utilize the synchronization capabilities of FW1 ver
> 3.0b to implement "high-availability" and I am running into a problem.
>
> I have two HPUX C100's configured identically. Installed are a total of
> four network interfaces in each.
>
> Interface 1: to the Internet
> Interface 2: to the intranet
> Interface 3: to the DMZ
> Interface 4: to the "firewall sync network"
>
> The firewall sync network only has the two firewalls on it, I am using a
> non-internet routable "test" range to address that segment. The
> firewalls each have an entry in the /etc/fw/conf/sync.conf file
> pointing to their counterpart.
>
> Here is the problem:
>
> I am continuously seeing a "Got Connection from firewall-1"
> then immediately seeing a "End Connection from firewall-1"
>
> These messages appear simultaneously on both firewall consoles. Logs
> appear to be shared, but state tables only seem to be shared part of the
> time.
>
> Checkpoint suggested that if the two machines' system clocks were more
> than 5 seconds out of synchronization that it could cause this problem.
> We set the clocks to the same time, and tested, still no luck. We even
> installed ntp between them and it did not change the results.
>
> Anyone have any ideas?
>
> - - -/ W. Ian Schlueter ian . schlueter @ avnet . com
> - - / Project Manager, Global Internet/intranet support
> - -/ Avnet, Inc. Chandler, AZ
> - / (602) 940-5977

We had the same problem and we stopped using the backup firewall; it is
said that they will fix this problem very soon....
--
*************************************************************
Cihan Subasi
Garanti Ticaret AS
Istanbul/Turkey
email: csubasi @ garanti . com . tr
tel : +902126570404 ext 2422 fax: +902126570473
*************************************************************