[karimi]

Hello,

I have 2 Nokia running NGXR60 in Load-Sharing config. I installed Checkpoint HFA-04 on my Mgmt Stn, and then installed it on one of the cluster members. FW#2 was taking the traffic while I was making the change on FW#1 - so no interruption - everything went fine, and it asked me to reboot at the end of the install, I did that, and it came back up - I pushed the policy to it, and install was fine.

However, I noticed in the logs that FW#2 was still primary and taking the traffic, and FW#1 wasn't logging. Upon doing cphaprob stat, i see FW#1, the one I had applied HFA04 to, was marked as cluster state=down. I tried to join the Cluster again in Voyager by putting in FW#2 IP, but it refused to join, with the error "firewall-1 must be running on both nodes before cluster" or something to that effect.

I had to uninstall HFA-04 on FW#1 and go back to NGX60 and then it was fine.

What happened? I can't upgrade now because it seems to break the cluster. Someone said it's because both FWs need to be at HFA-04, but i'm very hesistant to work on the active FW in case it breaks it too!

Any advice appreciated

~k