CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Clustering (Security Gateway HA and ClusterXL)
Determine multicast address for state sync or H.A. mode on a firewall cluster Determine multicast address for state sync or H.A. mode on a firewall cluster
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-05-13
Senior Member
  
Join Date: 2005-12-12
Location: Malaysia
Posts: 122
Rep Power: 0
pop_alex has an average reputation (10+)
Default Determine multicast address for state sync or H.A. mode on a firewall cluster
Hi,

I found out a way on how to determine the multicast address on firewall cluster which is set automatically (by default). From command prompt on enforcement server, just key in this command

# cphaconf debug_data

Output :


================================================== =========
========== ClusterXL Debug Information ==============
================================================== =========

---------- Selection Table ---------

Effective selection table size : 2

1:1
--------------------------------------

---------- Multicast table ------------

eth0: Address: 192.168.10.6
Cluster/Default multicast IP : 192.168.10.250, MAC address : 01-00-5e-28-0a-fa
eth1: Address: 192.168.1.6
Cluster/Default multicast IP : 192.168.1.250, MAC address : 01-00-5e-28-01-fa
eth2: Address: 10.1.0.2
Cluster/Default multicast IP : 10.1.0.250, MAC address : 01-00-5e-28-00-fa
------------------------------------------------------------------------

================================================== =========
========== ClusterXL Debug End ==============
================================================== =========

I compared with another firewall peer and it has the same information with this firewall. All this while, I'm trying to find out the multicast address for the heartbeat as I had a problem to connect and synchronized three enforcement servers (firewall) which is connected to same VLAN on both Cisco 6500 which is trunked via a fiber.

I found also that these multicast addresses are not change even after reboot. But there is one question, is this the multicast address mentioned in the "Troubleshoot interface flapping" section which is used to configure at Cisco 6500 series in order both or more enforcement synchronize on each other?

In the other hand, I'm using State Sync for my firewall cluster which is running a 3rd Party load-balancing software (RainWall 3.1 SP5 R1) on top of it. I just wonder by using this multicast address, I could set it on Cisco 6509 switches to make both firewall on each location able to synchronize properly.

Regards,

Al
Last edited by pop_alex; 2006-05-13 at 06:27. Reason: Clarifying
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 03:54.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0