ClusterXL Problem on Sun Solaris

[_d3nx]

Hi All,

We have two SUN SPARC firewall modules working on clusterXL in Load sharing unicast mode. All firewall module versions are NGX HFA04. Behind of the firewall modules, there are two F5 (loadbalancer) working as active-passive (HA) mode. Two F5 work as single loadbalancer like as CheckPoint ClusterXL HA mode did. Each F5 has unique IP address and they are sharing one virtual IP address. MAC address of virtual IP address of F5 is MAC address of active F5 device. Firewall cluster internal interfaces and F5 external interfaces are in the same L2 VLAN.

We are experiencing problem, when the active F5 become passive, although pivot mode of firewall cluster could update its arp table for virtual IP address of F5’s for new MAC, member of firewall cluster couldn’t. Since all the routing is defined to this virtual IP, all connections coming through member node could not be established. When we clear arp table manually on firewall member node with arp –d, everything is starting to work.

are there anybody faced with this problem?