CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SecureClient/SecuRemote
Reload this Page Secure Client connecting to backup firewall - what am I missing?
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-04-24
tvaldes tvaldes is offline
Junior Member
  
Join Date: 2007-02-05
Posts: 5
Rep Power: 0
tvaldes has an average reputation (10+)
Default Secure Client connecting to backup firewall - what am I missing?
I have 2 Nokia IP 330s running NGX R60 on IPSO 3.9

They are set up clustered and seem to work well for normal traffic.

The issue I'm having is when I connect using Secure Client.

Sometimes when I connect the VPN, x.x.x.1 and access the VIP via https, I connect to the backup firewall (x.x.x.3). If I view the VRRP Monitor screen, it shows me that all the interfaces are Backups. When I connect this way, I am unable to access any of my machines.

This doesn't always happen.. Sometimes when I connect and then access the VIPs https interface (x.x.x.1), I am connected to the primary (x.x.x.2).. VRRP Monitor shows that the firewall's interfaces are all Masters... When I connect this way, every thing works fine.

Any idea what I'm missing? I can give you any more information you may need..

thanks,
tom
Reply With Quote
  #2 (permalink)  
Old 2008-04-25
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Secure Client connecting to backup firewall - what am I missing?
You should only be connecting to the VIP. The standby gateway will most likely not process the traffic.
Reply With Quote
  #3 (permalink)  
Old 2008-04-25
tvaldes tvaldes is offline
Junior Member
  
Join Date: 2007-02-05
Posts: 5
Rep Power: 0
tvaldes has an average reputation (10+)
Default Re: Secure Client connecting to backup firewall - what am I missing?
My Secure Remote client is set to connect to the VIP x.x.x.1.. However when I check out the voyager web page of x.x.x.1, the title of the page is FW2 (which is by backup firewall) instead of the master which is FW1.
Reply With Quote
  #4 (permalink)  
Old 2008-04-25
tvaldes tvaldes is offline
Junior Member
  
Join Date: 2007-02-05
Posts: 5
Rep Power: 0
tvaldes has an average reputation (10+)
Default Re: Secure Client connecting to backup firewall - what am I missing?
More info:

I'm wondering if it could have something to do with my Var partition running low and eventually out of space.

My Var partition was at around 98% and then filled up.

I deleted my old logs files and now have plenty of space.

Any idea if this is just a coincidence or the cause?

thanks.
Last edited by tvaldes; 2008-04-25 at 18:57.
Reply With Quote
  #5 (permalink)  
Old 2008-04-27
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Secure Client connecting to backup firewall - what am I missing?
In a word yes.
Reply With Quote
  #6 (permalink)  
Old 2008-04-28
tvaldes tvaldes is offline
Junior Member
  
Join Date: 2007-02-05
Posts: 5
Rep Power: 0
tvaldes has an average reputation (10+)
Default Re: Secure Client connecting to backup firewall - what am I missing?
Well the issue is still happening so clearing space wasn't the fix.

Anyone have any ideas?

thanks.
Reply With Quote
  #7 (permalink)  
Old 2008-04-29
melipla melipla is offline
Senior Member
  
Join Date: 2006-01-25
Posts: 724
Rep Power: 3
melipla has an average reputation (10+)
Default Re: Secure Client connecting to backup firewall - what am I missing?
Quote:
Originally Posted by tvaldes View Post
Well the issue is still happening so clearing space wasn't the fix.

Anyone have any ideas?

thanks.
I'm trusting that you cpstop & cpstarted the cluster members after freeing up disk space?

Otherwise I'd try looking at smartview tracker, filter on control messages and see why the cluster failed over (you'll need to know when it failed over). You can run "cphaprob -a if" from the command line which may tell you why.

Good luck.
__________________
Its all in the documentation.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 19:21.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0