East, Bill wrote:
1) Interface by interface, it does not seem to make a difference.
2) Ran out of Ethernet ports. I may have to rectify this.
As another list member said, what does 'cphaprob -a if' shows on both
members ?
My suggestion would be to get two more ethernet cards and use a
I would definitely go for an extra interface on each member exclusively for
sync, BUT using a crossover cable for such purposes is not recommended. Te
reason is in case of a cable failure, there is not reference point for both
members to find out which one is having problems as both loose link on
Sergio Alvarez wrote:
I would definitely go for an extra interface on each member exclusively for
sync, BUT using a crossover cable for such purposes is not recommended. Te
reason is in case of a cable failure, there is not reference point for both
members to find out which one is having
I am not sure how a ClusterXL ever going to work with a crossover cable
because there are 3 devices involved in the SYNC network.
2 Gateways and 1 (or more, if you have Management backup) Management
server, all 3 devices have to have a SYNC network defined.
This is the way; I always built a
I have seen it my friend... believe me, it happens.
On Wed, Sep 17, 2008 at 7:06 AM, Eugeniu Patrascu [EMAIL PROTECTED]wrote:
Sergio Alvarez wrote:
I would definitely go for an extra interface on each member exclusively
for
sync, BUT using a crossover cable for such purposes is not
Ahem, you're not actually synching the connections table with your management
server, do you? What I think, you mean it the management lan, if you have a
dedicated one. But synching is usually done between the enforcement modules,
where I prefer dedicated network interfaces as well.
My $.02
Now that I have a bit more time to look at it:
[ccfw0808b]# cphaprob -a if
Required interfaces: 2
Required secured interfaces: 1
eth0 UP sync(secured), multicast
eth1 UP non sync(non secured), multicast
Virtual cluster interfaces: 2
eth0
Previtera, Sal wrote:
I am not sure how a ClusterXL ever going to work with a crossover cable
because there are 3 devices involved in the SYNC network.
2 Gateways and 1 (or more, if you have Management backup) Management
server, all 3 devices have to have a SYNC network defined.
you have
It looks like you have a problem with your switch not allowing
multicast. If you have a Cisco switch, then you might have the no ip
igmp snooping option turned on which would prevent the synchronization
from occurring correctly (at least this is what has happened in my
experience).
You could
you have it wrong somewhere. only the two enforcement points need to
have a sync network.
You possibly rightno argument there.
But is working when including the management server on the SYNC side and
never had an issue doing it the wrong way and never used a crossover
cable, only
Yes... Roger.
Your way and others is cleaner way of doing it...
but in my case the SYNC and management LAN is combined on a single interface,
single VLAN.
GIG interface cards on all servers/gateways and GIG ports on the Switch on a
dedicated non-routable VLAN.
Some time ago, when initially set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthew Odendaal [EMAIL PROTECTED] wrote:
It looks like you have a problem with your switch not allowing
multicast. If you have a Cisco switch, then you might have the no ip
igmp snooping option turned on which would prevent the
synchronization
Thanks for the suggestion.
Is there a rule that needs to be created to allow the broadcast traffic
to propagate, or will it be passed due to implicit rules?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf
Of Matthew Odendaal
13 matches
Mail list logo