[fw1-gurus] Installed HFA04 of R60 and TCP Out of order problems

["Jeff Peterson" <jeff.peterson2@xxxxxxxxx>]

I completed a install of HFA04 over the Xmas holiday and have a couple
of new problems.  Neither of which have I dealt with before.

The install is Splat running ClusterXL in HA Mode. 2 nodes.

First and foremost is I'm now seeing with fw monitor captures a high
number of TCP out of order packets from nearly every interface on the
Firewalls.  This is causing a problems with TCP resets and timeouts on
the hosts on the various networks.  I've tried downing the second node
both with cphastop and with a full cpstop and the primary continues to
see the out of order sequences.

Has anyone run into this, or have a clue where to look.  The only
thing I've found thus far is asynchronous routing.  But that can't be
the case as it's on multiple networks and multiple switches.

Secondly is I've found my X-over connection for Cluster sync no longer
works.  Both interfaces are forced speed and duplex and are able to
ping one another so the cable is good.  The problem is the second node
oscillates between down and standby.  Checkpoint support had me change
the cable (which no surprise was to no avail).  I did notice in the
release notes that they updated the drive for the nic cards.  The
question with this would be why would all the other interfaces on the
same cards (they are quad cards) work just fine and only the x-over
connection not?

I'll take any ideas or suggestions as support hasn't given me anything
worthwhile yet to go on.

--
Jeff Peterson

---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://fw1-gurus.phoneboy.com/)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx