Troubleshooting guide

Chapter 2 Troubleshooting Active Network Management Debugging the Connect Control Module
Advanced Technical Reference Guide 4.1 June 2000 111
How long does the Persistent Server Mode last?
The Persistent Server Mode allows a specific client to be assigned a specific server for the duration of the
Persistent Server timeout, the default being 30 minutes.
The default persistency timeout is 30 minutes and is refreshable (every new connection to the
persistent server will reset the timer). It is defined in the '$FWDIR/lib/table.def' file on the
management module machine as follows:
#define LOGICAL_CACHE_TIMEOUT 1800
To change the default timeout, change the value 1800 (seconds) to the desired value in seconds and
reinstall the policy.
See SecureKnowledge Solution (ID 10022.0.1112954.2441351) in the Check Point Technical Services site.
How to get a connection to switch to the next server immediately after the server failed
Problem Description: When doing Load Balancing in Persistent mode, it takes 30 minutes for the
connection to switch to the next server after the first server has failed.
Add the following to the $FWDIR/lib/fwui_head.def file under
'get <src,dst,dport,rule> from LOGICAL_CACHE_TABLE to sr10,':
get <sr10, 2> from check_alive to sr6, \
( 3602 - (((sr6 - 2) - tod) %% 3600 ) <= sr7 or \
(delete <src,dst,dport,rule> from LOGICAL_CACHE_TABLE)), \
Install the policy.
The switch to the next server will occur after about 30-60 seconds (the logical_servers_timeout
in the objects.C file will affect the switch time).
See SecureKnowledge Solution (ID 10043.0.6634086.2622727) in the Check Point Technical Services site.
Load Balancing does not work properly when using Persistent Server Mode
The Persistent Server Mode allows a specific client to be assigned a specific server for the duration of the
Persistent Server timeout, the default being 30 minutes.
The client identifier is limited to the IP address only. Thus, if you have 5 hide NAT clients with the
same valid IP address coming in, they will all be assigned to the same persistent mode server.
Cause of this problem: There is no way to distinguish between different clients if they are coming from
the same IP, for example an HTTP proxy.
See SecureKnowledge Solution (ID 10022.0.1112971.2441351) in the Check Point Technical Services site.
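The three behaviours described above (the refreshable timeout, the delayed switch away from a failed server, and hide NAT clients sharing one server) can be reproduced in a small model. This is an added Python example, not Check Point code or INSPECT: the class, its round-robin selection, the evict_dead flag and the sample addresses are all constructed for illustration, and it assumes any cache hit refreshes the timer.

```python
# Added illustration: a toy model of persistent server mode, not Check Point code.
TIMEOUT = 1800  # seconds, same value as LOGICAL_CACHE_TIMEOUT in table.def


class PersistentBalancer:
    def __init__(self, servers, timeout=TIMEOUT, evict_dead=False):
        self.servers = list(servers)
        self.timeout = timeout
        self.evict_dead = evict_dead  # models the fwui_head.def change
        self.alive = set(servers)     # stands in for the check_alive table
        self.cache = {}               # client IP -> (server, expiry time)
        self.next_idx = 0

    def _pick(self):
        # Round robin over servers that currently pass the health check.
        for _ in range(len(self.servers)):
            server = self.servers[self.next_idx % len(self.servers)]
            self.next_idx += 1
            if server in self.alive:
                return server
        raise RuntimeError("no live servers")

    def connect(self, client_ip, now):
        entry = self.cache.get(client_ip)
        if entry and entry[1] > now:
            if self.evict_dead and entry[0] not in self.alive:
                del self.cache[client_ip]  # drop the stale binding at once
            else:
                # Assumed: any cache hit refreshes the persistency timer.
                self.cache[client_ip] = (entry[0], now + self.timeout)
                return entry[0]
        server = self._pick()
        self.cache[client_ip] = (server, now + self.timeout)
        return server


def demo():
    lb = PersistentBalancer(["web1", "web2"])
    first = lb.connect("192.0.2.10", now=0)
    lb.alive.discard(first)                     # bound server fails
    stuck = lb.connect("192.0.2.10", now=600)   # still pinned, timer refreshed
    still = lb.connect("192.0.2.10", now=2000)  # 2000 < 600 + 1800
    fixed = PersistentBalancer(["web1", "web2"], evict_dead=True)
    fixed.alive.discard(fixed.connect("192.0.2.10", now=0))
    moved = fixed.connect("192.0.2.10", now=30)
    # Five connections from one hide-NAT address share a single cache key.
    nat = PersistentBalancer(["web1", "web2"])
    shared = {nat.connect("203.0.113.5", now=t) for t in range(5)}
    return first, stuck, still, moved, shared
```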
How to synchronize the logical_cache table
In a synchronized environment, you may also want to synchronize the cache table, which is not synchronized by
default.
To do so,
1. Edit the table.def file and in the cache table definition add the attribute ‘Sync’ as in the following
example