2006-01-06
dimarc
Re: Problem with pinging Cluster

Hello Chaman,

This is the answer. It works.

Enjoy :-)



Symptoms

Unable to simultaneously Ping the cluster IP address and cluster-member physical IP address, from a remote host
arp -a displays MAC addresses of cluster and cluster-member IP addresses.


Solution

This problem was fixed in the following HFAs (HotFix Accumulators):

VPN-1/FireWall-1 NG FP3 HFA_315
VPN-1/FireWall-1 NG with Application Intelligence R54 HFA_401
VPN-1/FireWall-1 NG with Application Intelligence R55 HFA_01

After downloading the fix, modify the Kernel Global Property, "fw_allow_simultaneous_ping".

Check Point recommends to always upgrade to a recent version, and to the most recent HFA of this version.

To get the latest HFA for your product, version and Operating System, go to http://www.checkpoint.com/techsupport/hfa.html.


--------------------------------------------------------------------------------

After the HFA is applied, the Kernel Global Property may be configured so that a reboot is not required. This can be accomplished by running the command:

fw ctl set int fw_allow_simultaneous_ping 1

The integer value entered must be in decimal when using this command.

This may also serve as a test method before committing sustained changes.


--------------------------------------------------------------------------------

The below changes will set the kernel parameter permanently, such that it will survive reboots:


Windows:

1. On the Security Gateway, edit the registry.

2. Add a DWORD value "fw_allow_simultaneous_ping" under the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FW1\Parameters\Globals

3. Modify the value "fw_allow_simultaneous_ping", and enter "1" under "value data".

4. Select "hexadecimal" for "Base".

5. Exit the registry.

6. Reboot.

Solaris:
1. On the Security Gateway, edit the file /etc/system.

2. Add the line:

set fw:fw_allow_simultaneous_ping=1

3. Reboot.


SecurePlatform/Linux:
1. On the Security Gateway edit the file $FWDIR/boot/modules/fwkern.conf (Note: Create fwkern.conf if it does not exist.)

2. Add the line:

fw_allow_simultaneous_ping=1

3. Reboot.

Nokia IPSO:
1. Download and install the Modzap Utility from support.nokia.com.

2. On the Security Gateway, type at prompt:

modzap fw_allow_simultaneous_ping $FWDIR/boot/modules/fwmod.o 0x1

3. Stop/start the firewall services by typing at prompt: cpstop;cpstart

Applies To:

VPN-1/Firewall-1 NG FP3, NG with AI R54, NG with AI R55
ICMP


Succes
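The SecurePlatform/Linux steps in the post above, as an added example that is not part of the original post and not a Check Point tool: a shell function that sets the line in fwkern.conf without duplicating it, creating the file if it does not exist. The function name set_fwkern_param, the .bak backup copy and the decimal-only value check are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotently set "name=value" in a fwkern.conf-style file.
# set_fwkern_param is a hypothetical helper, not part of the product.
# Only the exact "name=value" form shown in the post (no spaces) is handled.

set_fwkern_param() {
    conf=$1; name=$2; value=$3

    # Reject input that could add extra lines or break the key=value format.
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "bad parameter name: $name" >&2; return 2 ;;
    esac
    case $value in
        ''|*[!0-9]*) echo "value must be a decimal integer: $value" >&2; return 2 ;;
    esac

    # The post notes the file may not exist yet: create it empty.
    [ -e "$conf" ] || : > "$conf" || return 1

    # Already set to the requested value: leave the file untouched.
    if grep -q "^${name}=${value}\$" "$conf"; then
        return 0
    fi

    # Keep a copy of the previous state so the change can be rolled back.
    cp -p "$conf" "$conf.bak" || return 1

    # Drop any older assignment of this parameter, keep all other lines,
    # then append the new assignment. grep -v exits 1 when nothing is left.
    tmp=$conf.tmp.$$
    {
        grep -v "^${name}=" "$conf.bak" || true
        echo "${name}=${value}"
    } > "$tmp" || return 1

    # Replace the file in one step so a half-written config is never read.
    mv "$tmp" "$conf"
}

# Usage on the gateway (assumes FWDIR is set in the shell environment):
#   set_fwkern_param "$FWDIR/boot/modules/fwkern.conf" fw_allow_simultaneous_ping 1
```

The file is only read at boot, so the reboot in step 3 is still needed.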