Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
oscar790806
Contributor

Cluster XL active & standby using VIP access destination ip

Hi guys        

       I found something strange , When active & standby  access syslog server , it using VIP access   destination  , How to solve this problem ?

I try to " fw ctl set int fwha_forw_packet_to_not_active 1 " command , but invalid

actvie ip 192.168.69.1    , standby ip 192.168.69.2 , vip 192.168.69.254 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

What version/JHF?
That command won't prevent the cluster fold NAT.
Instead, see: https://support.checkpoint.com/results/sk/sk34180 

oscar790806
Contributor

Device version is  R80.40 take 255 

I give it a try https://support.checkpoint.com/results/sk/sk34180  

Thanks!

0 Kudos
the_rock
Legend
Legend

That command should definitely work, what version are you on?

Andy

0 Kudos
oscar790806
Contributor

 R80.40 take 255 

0 Kudos
the_rock
Legend
Legend

What is the error you get?

0 Kudos
the_rock
Legend
Legend

My R81.20 lab fw:

[Expert@quantum-firewall:0]# fw ctl set int fwha_forw_packet_to_not_active 1
[Expert@quantum-firewall:0]# fw ctl set -f int fwha_forw_packet_to_not_active 1
"fwkern.conf" was updated successfully
[Expert@quantum-firewall:0]# more /opt/CPsuite-R81.20/fw1/boot/modules/fwkern.conf
fw_allow_simultaneous_ping=1
fw_clamp_vpn_mss=1200
fwha_forw_packet_to_not_active=1
[Expert@quantum-firewall:0]#

0 Kudos
JozkoMrkvicka
Mentor
Mentor

One of option is to construct manual "no-NAT" rules at the top of the NAT Rule Base for connections from each cluster member to server(s), for the specific service. Manual NAT rules use the IP address of the cluster member that is configured in the Cluster Member property page of the cluster object. If the traffic is going out of a network interface with an address that is not the address in the Cluster Member property page, then create a Host object with the IP address of the cluster member's interface to use in the "no-NAT" rule.

For more options, refer to sk31832.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events