CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1
brijesh_techno (Junior Member), 2008-07-12
Nortel 5111 Clustering HA with R62

Hi,

We had NSF 5111 on R62 in cluster HA. Unfortunately one of the boxes (FW2) went faulty and now a new box has arrived. To join the new box to the cluster, what are the steps involved?

The HA configuration is such that my FW1 (Firewall 1) will always be the preferred master. Currently FW1 is up and fine and all the traffic is flowing via FW1 only.

We have tried to join the new box (FW2) by factory defaulting FW2 and then joining, but we are getting an error after entering the FW2 IP, MIP and admin password:
"Unable to contact the system"

At the time of joining it is asking the following:

[Setup Menu]

clone - Clone the configuration
join - Join an existing cluster
new - Initialize host as a new installation
boot - Boot menu
info - Information menu
exit - Exit [global command, always available]

>> Setup# join

Setup will guide you through the initial configuration of the Firewall.

Enter port number for the management interface [1-6]: 1

Enter IP address for this machine: 1.1.1.2

Enter network mask [255.255.255.0]:

Enter VLAN tag id (or zero for no VLAN) [0]: 0

The system is initialized by connecting to the management server

on an existing Firewall, which must be operational and initialized.

Enter the Management IP (MIP) address: 1.1.1.3

Enter the existing admin user password:

...Error:
Unable to contact the system

Please note that I am entering the existing admin user password for Firewall 1, which is currently working and master.

1.1.1.1 -- FW1 management interface IP

1.1.1.2 -- FW2 management interface IP

1.1.1.3 -- MIP for the cluster

Please let me know if I am correct.
#2
ngsud (Junior Member), 2008-07-29
Re: Nortel 5111 Clustering HA with R62

Hi,

I am not sure how the 5111 works, as we have a 6426 or 6626 cluster. However, you can give it a try.

One way is to log in to your fw1 and go to /cfg/pnp/list, which will give you the cluster member IP addresses. If you see your fw2 there, then del it and app, and then add the same again. Make sure that when you are adding this the second box is not connected. Apply the settings and then try replugging the second box and see whether it is able to join automatically or not. If not, then power cycle the second box.

The other way is the one which you are trying, but if possible then try issuing the command /maint/diag/unldplcy, which will unload the current policies from the fw1, and then try rejoining the same with the process which you described in your problem. Remember that this will cost you downtime for some time. Also verify that you have allowed the firewall network in /cfg/sys/accesslist/.

Regards,
Sudhir
#3
shridhar76 (Junior Member), 2008-09-03
Re: Nortel 5111 Clustering HA with R62

Hi,

Hey, just check the sync cable on both directors, which should be on another network range.

Thanks
shridhar

