|
Posted by pop_alex on April 13, 2006, 10:24 am
If you were Registered and logged in, you could reply and use other advanced thread options
Dear experts,
I had a problem with our firewall cluster which doesn't work properly
due to the synchronization error as stated below:
*fwe3 firewall*
Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 544343 kern.notice] CPHA: Found
another machine with same cluster ID. There is probably another cluster
Apr 13 11:05:40 fwe3xxx.xxxx.xx connected to the same switch/hub as
this
one.
Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 407823 kern.notice] CPHA: This
is an illegal configuration. Each cluster should be connected to
another
set of switches/hubs.
The firewall's H.A link detected that its partner is down.
Cluster Mode: Sync only (OPSEC)
Number Unique Address Firewall State (*)
1 10.1.0.1 down
2 (local) 10.1.0.3 active
(*) FW-1 monitors only the sync operation and the security policy
Use OPSEC's monitoring tool to get the cluster status
and it is similar to fwe1 firewall as shown below.
*fwe1 firewall
*Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: Found another machine with
same cluster ID. There is probably another cluster
Apr 13 11:05:30 fwe1xxx.xxxx.xx connected to the same switch/hub as
this
one.
Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: This is an illegal
configuration. Each cluster should be connected to another set of
switches/hubs.
Cluster Mode: Sync only (OPSEC)
Number Unique Address Firewall State (*)
1(local) 10.1.0.1 active
2 10.1.0.3 down
(*) FW-1 monitors only the sync operation and the security policy
Use OPSEC's monitoring tool to get the cluster status
How to fix this? FYI, I'm using RainWall 3.1 SP5 and Check Point NG AI
R55 HFA15. Please help me on this matter.
Thanks very much.
Regards,
Al
| 
XML site map