Bug?? Cluster XL and Blue Screen of Death

[ppnair@gmail.com]

Hello everyone,

Just wanted to see any of you had this issue on NGX with Cluster XL High Availability New Mode. Actualy I could manage to crash the server TWO times when I attempted the following steps. Any advice or pointers will be helpful; as I am waiting on CheckPoint support response. Hope it is not a bug.

I have took a new Dell machine installed Windows 2003 R2 fresh and performed the following steps. End result is Blue Screen of Death with Error BAD_IP_POOL_HEADER.

The steps followed:

1. Installed Windows 2003 OS on a Dell 6850

2. Configured all the necessary IP addresses on Three interfaces cards.

3. Installed CheckPoint NGX R65 Build 427 on Firewall-1 module, Smartcenter server is on build 620000380. This is a distributed install. SmartCenter IP is 172.16.X.20, Firewall-1 Gateway IP is 192.168.X.21

4. Configured SIC using command "cpconfig" on 192.168.X.21. Checked the "This is a cluster memeber"

5. Created a "VPN-1/Power UTM Cluster" objects as "CPCLUST00". Added the Cluster member CPCLUST01 into the cluster SIC communication was successful when hitting the Test SIC button.

6. Installed a EVAL LICENSE using SmartUpdate for Object CPCLUST01

7. Configured the cluster IPs as "192.168.X.20" [Internel VIP and X.X.X.7 [External Internet VIP]

8. Configured Syncronization link [Cross over cable to a standby machine without ChekPoint on it] as 192.168.175.7

9. Till this step all if fine. I could just install the policy - ONLY A STEALH RULE without any object name in it.

10. HERE IS ALL STARTED: Added CPCLUST00 into a rule Any-CPCLUST00-> https, http, DNS

11. Tried to push the policy - could see the CPSLUST01 server Reboots with BDOS with the error BAD_IP_POOL_HEADER. After this server comes up online after the reboot; but SIC communication fails; no connection to SmartCenter server.

Praveen

[chillyjim]

Open a call with TAC on that one, its either going to be an easy fix or off to RnD would be my guess.

That said, you should really try SPLAT for your gateways. Its a lot lighter, faster and a boatload more stable than Windows for a gateway.

[ppnair@gmail.com]

Just to update all of you that the ticket with Checkpoint support has been closed. Reason: - Windows 2003 R2 is still not officialy supported by CheckPoint. We have rolled back to Windows 2003 Enterprise with SP2 which is supported. Hope someone will find this useful