secondary FireWall-1 module

lbraid · #1 (**permalink**) 2007-11-08

We have 2 ip560 nokia's, one primary and one seconary using VRRP active/standby - (NGX R61)
We tried a test failover to the secondary which was fine.

But everytime it gets to 2 hours it stops passing traffic. We have no errors reported on the system?

Has anyone experienced this before?

Regards

Lee

donshoutarp · #2 (**permalink**) 2007-11-08

I'd check to make sure the multicast packets from the active are getting thru to the secondary. I've seen cases where layer 3 switches sometimes stopped sending the packets. I know that there are commands, for example, in Cisco that keeps the packets flowing, but I always try to find a pure layer 2 switch.

lbraid · #3 (**permalink**) 2007-11-09

It's when on the secondary unit that the traffic stops passing after 2hours and the outbound connections are on layer 2 switches. We have to fail back over to the primary.

But now we want to sort this issue out just in case we do have real issue and the secondary device will only past traffic for 2 hours.

Regards

Lee

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode