Seeing as that's our site, I'll put the story behind the details.. A
facility we installed this for had SBFC installed and running then
implemented HSRP in front of it.. After we tried unsucessfully to implement
it, StoneBeat sent a representative to get it to work.. After a few days of
fiddling with it, they gave up and went back home. We finally got it to
work with unicast addresses (which in itself opens up new problems) and all
the failover/load balancing tests run just fine. So when using HSRP, since
StoneBeat couldn't get it to work, we just toss the firewalls into unicast
and work with it that way..
// Chris
[EMAIL PROTECTED]
-----Original Message-----
From: Stephen Chiu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 10:10 PM
To: [EMAIL PROTECTED]
Subject: StoneBeat FW fullcluster with HSRP
Hi guys,
We got a problem during Stonebeat fullcluster for solaris Firewall-1
installation
with HSRP routers. Our 2 firewalls are connected to 2 different Cisco 5500
switches,
which have ISL Vlan with 2 x Cisco 7513 and run HSRP. The problem was,
whatever which firewall was online, fw1, fw2 or both, only one 7513 can
connect to
the firewall's outgoing virtual IP (IP C0 on the gif). We had added static
mapping to
the multicast MAC address on the 5500 and both router can ping 2 firewall's
dedicated IP. The impact was that only those ISP connected
to the OK router could access the firewall protected site.
Does anyone has experience on SBFC with HSRP and ISL trunk?
Some website says SBFC multicast doen't work with HSRP, is it true?
(http://www.intersec.com/support/stonebeat/sb_cluster.htm)
Please advise.
Thanks and regards,
Stephen
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
