Troubleshooting guide

Chapter 9 Troubleshooting Active Network Management Resolving Common Synchronization Problems
Advanced Technical Reference Guide 4.1 June 2000 100
Resolving Common Synchronization Problems
This section lists some common problems and solutions from the Check Point Technical Services
SecureKnowledge knowledge base.
How to add a table to the Synchronization Tables
In the '$FWDIR/lib/table.def' file, search for the table that has to be synchronized, and add the string 'sync' to it.
See the SecureKnowledge Solution (ID: 10043.0.3280520.2559405) on the Check Point Technical Services site.
Support for High Availability for IPSec/IKE
VPN-1 Gateway V4.1 state-table synchronization has been enhanced to handle IPSec/IKE session information,
enabling high availability solutions which maintain IPSec/IKE connections during fail-over. IPSec/IKE
synchronization and fail-over capabilities support both site-to-site and client-to-site VPN connections. These
enhancements also enable third-party products to do load balancing between VPN-1 Gateways. High
Availability solutions that leverage these capabilities are offered both by Check Point and by OPSEC partners.
Note that IKE synchronization is a separately licensed (no charge) feature.
Benefits:
Mission-critical VPN gateways are always available
In the event of a failure, users can continue working with complete transparency
See the SecureKnowledge Solution (ID: 36.0.1469927.2500635) on the Check Point Technical Services site.
How to verify the state tables on primary and secondary FireWalls are being synchronized
Run the command "$FWDIR/bin/fw tab -t connections -s" on both FireWall modules. If the state is being
synchronized, both modules should report the same number of connections.
See the SecureKnowledge Solution (ID: 55.0.6588603.2666394) on the Check Point Technical Services site.
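The comparison described above can be scripted once the summary from each module has been saved to a file. The following is an added example, not part of the original guide or Check Point's own tooling; the output layout it parses, the sample figures, the function names conn_count and sync_status and the tolerance argument are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point code): compare connections-table sizes
# captured on two synchronized FireWall modules.
# ASSUMPTION: the summary has a header row with a "#VALS" column and one
# row naming the "connections" table; confirm against your build's output.

# Print the #VALS figure for the connections table read from stdin.
conn_count() {
    awk '
        col == 0 { for (i = 1; i <= NF; i++) if ($i == "#VALS") col = i; next }
        { for (i = 1; i <= NF; i++)
              if ($i == "connections" && $col ~ /^[0-9]+$/) {
                  print $col; found = 1; exit
              } }
        END { if (!found) exit 1 }
    '
}

# sync_status PRIMARY_FILE SECONDARY_FILE [TOLERANCE]
# Returns 0 if the counts match, 1 if they diverge, 2 if unparsable.
# TOLERANCE (default 0, i.e. "same number") is an added allowance for
# captures taken a moment apart on a busy pair.
sync_status() {
    a=$(conn_count < "$1") || { echo "cannot parse $1"; return 2; }
    b=$(conn_count < "$2") || { echo "cannot parse $2"; return 2; }
    delta=$((a - b))
    if [ "$delta" -lt 0 ]; then delta=$((-delta)); fi
    if [ "$delta" -le "${3:-0}" ]; then
        echo "in sync: primary=$a secondary=$b"
    else
        echo "NOT in sync: primary=$a secondary=$b (delta $delta)"
        return 1
    fi
}

# Constructed sample captures, standing in for the files produced by
#   $FWDIR/bin/fw tab -t connections -s > capture.txt   on each module.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/primary.txt" <<'EOF'
HOST       NAME         ID  #VALS  #PEAK  #SLINKS
localhost  connections  19  1204   1987   0
EOF
cat > "$demo_dir/secondary.txt" <<'EOF'
HOST       NAME         ID  #VALS  #PEAK  #SLINKS
localhost  connections  19  1198   1990   0
EOF
sync_status "$demo_dir/primary.txt" "$demo_dir/secondary.txt" 10
```

A count that stays divergent across repeated captures points to a synchronization problem; a file that cannot be parsed is reported separately so it is not mistaken for a match.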
Will Synchronization work between two gateways that differ in platform?
The FireWall-1 Synchronization feature works only under the following general conditions:
The two gateways run the same operating system, for instance, two NT machines.
The two gateways must run exactly the same FireWall-1 version, including the build number. This means
that, for instance, a FireWall-1 3.0b build 3064 gateway will not be able to synchronize with a FireWall-1
3.0b build 3072 machine.
See the SecureKnowledge Solution (ID: 36.0.216398.2474844) on the Check Point Technical Services site.