PDA

View Full Version : Load Sharing – problem with http



ppawlo
2009-12-16, 19:36
Hello Everyone, we have two ISP connections. I sow, when I set Load Sharing the web pages are not opened when the FW try to open it by the Second ISP. In logs everything looks good – are green ;-).
I run fw monitoring I sow something like that:

eth0:i[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21486
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth0:I[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21486
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth1:o[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21486
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth4:O[52]: 195.93.203.58 -> 212.77.100.101 (TCP) len=52 id=21486
TCP: 10036 -> 80 .S.... seq=77f2c45c ack=00000000
eth0:i[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21519
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth0:I[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21519
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth1:o[52]: 192.168.0.100 -> 212.77.100.101 (TCP) len=52 id=21519
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth4:O[52]: 195.93.203.58 -> 212.77.100.101 (TCP) len=52 id=21519
TCP: 10036 -> 80 .S.... seq=77f2c45c ack=00000000
eth0:i[48]: 192.168.0.100 -> 212.77.100.101 (TCP) len=48 id=21585
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth0:I[48]: 192.168.0.100 -> 212.77.100.101 (TCP) len=48 id=21585
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth1:o[48]: 192.168.0.100 -> 212.77.100.101 (TCP) len=48 id=21585
TCP: 52333 -> 80 .S.... seq=77f2c45c ack=00000000
eth4:O[48]: 195.93.203.58 -> 212.77.100.101 (TCP) len=48 id=21585
TCP: 10036 -> 80 .S.... seq=77f2c45c ack=00000000

Eth0 – LAN
Eth1 – ISP 1 (Primary)
Eth4 – ISP 2 (Secondary).

The information from fw monitoring are strange. Before the packet is going ETH4: O is going ETH1: o. (not ETH4: o) Is it a normal?
The client then could not open the web pages with notice “to long waintig” or something like that.
Have you got any idea what I do wrong?

Of course I am using NGX R65 with HFA50. – SPLAT.

Regards
Pawel

ppawlo
2009-12-17, 18:33
Hi everyone. It was my mistake, I solve the problem ;-).
BTW, if the GW is runing on sPLAT and has two Internet Conection. Worikng as Load Sharing. Is posible to Checkpoint NGX R65 by Windows to establish VPN connection with ISP 2 on SPLAT (when the ISP 1 is going down)?

Regards
Pawel