 | ||
 Secondary firewall using VIP address | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-04-24 | |||
| |||
 Secondary firewall using VIP address Hi all, This is my first post so please be nice :) Platform: splat, NG, 7 interfaces Hi I have two firewallas operating with ClusterXL. ClusterXL appears to be running okay, but on the secondary firewall, it can ping devices on all interfaces apart from the external interface. When trying to ping the firewall from the external gateway and running tcpdump on the secondary firewall, I can see the traffic reaching the firewall, but then the secondary ARPs for the IP: 10:50:15.173191 1.2.3.4 > 10.0.0.1: icmp: echo request 10:50:15.173354 arp who-has 1.2.3.4 tell 10.0.0.2 (<-this is the VIP address) I do not understand this behaviour as it is the secondary firewall and should not be using the VIP address. This only happens for the external interface. I believe the switch connecting the firewall and gateway is an unmanaged switch. This problem has been ongoing for days, so any old ARP entries from when the secondary was the active firewall should be flushed by now. When running arp -a I see an incompelte entry. Any help would be appreciated. Regards Sid  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
