sync: Inconsistencies

[Danielpb]

Hi,

Not sure if anyone can help on this but both cluster modules are reporting the following in the Tracker:

sync: Inconsistencies exists between policies installed on the cluster members. Please reinstall the policy on the cluster.

I can re-install the policy fine on occasions on the backup member I receive the following error:

Reason: SmartCenter aborted connection with peer, due to timeout = 600000(mil-sec)(port = 18191) (Ip = ##.##.##.##) (message from 'firewall host name' which is the backup module)

I have double checked voyager and can see the heart beat, plus I have check the Sync interface to make sure i can vrrp packets to 224.0.0.18.
All seems fine and I'm at a loss.

cheers

[Danielpb]

Hi still seeing these issues...can anyone shed a ray of light?

cheers

[nandushankar]

This occurs when one of the cluster members has already received the new Policy, and the other has not. The first member sends packets on the sync network with new Policy ID. The second member receives them both, and because of Policy inconsistencies, sends the message to SmartView Tracker. When installing the Policy on all cluster members, make sure the option "For Gateway Clusters install on all the members, if it fails do not install at all" is enabled in the "Install Policy" dialog box, before proceeding with the Policy installation. Please try to install the policy on the enforcement module which has not recieved the policy, also check the same using fw stat command to check which is the last policy installed. Please revert back if there is some issues. You can also try using fw unloadlocal on the enforcement module which has old policy and try pushing the policy again.

[Danielpb]

Hi thanks for the reply.......

I have done the fw stat command and it shows the same policy was installed, but there is a time difference of about 1 1/2 min..........would this cause the log errors?

cheers

Dan