[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] HA Nokia solution question
You can write a script to check the fw-1 process and then use dbset to force a failover by shutting down an interface. IPSO: dbset / VRRP failover Disabling/Enabling an interface in IPSO -VRRP administrative fail-over IPSO (Operating system), for version: 3.2.1 And Later last update:05/22/2001 12:07:09 The dbset command can be used to toggle the physical status of an interface to off or on. Once the dbset command has been issued you will notice that the physical status of the interface in Voyager (after a refresh) will have changed accordingly. If the interface is on the Master of a VRRPmc configuration, VRRP switch over will occur when the port is turned off. Turning the port back on will cause the VRRP pair to re-switch. Thus it is possible to control VRRP fail over from command line without having physical access to box or changing PRIORITY value. SOLUTION If you want to turn off the physcal status of, for example, ethernet eth-s4p1, enter the following dbset command: zeus[admin]# dbset ifphys:eth-s4p1:state off And to turn the port on enter the dbset command: zeus[admin]# dbset ifphys:eth-s4p1:state on PGP Key ID: 0xD29C5333 PGP Fingerprint: 7819 ADAF 1246 9858 CAE5 D09C C31A AC06 D29C 5333 ----- Original Message ----- From: "Davis, Scott" <[email protected]> To: <[email protected]> Sent: Wednesday, January 30, 2002 2:10 PM Subject: Re: [FW-1] HA Nokia solution question > That is correct, if the firewall process stops the VRRP does not fail over. > Only if the interface fails does the firewall failover. > > Thanks, > Scott Davis > Internet Security Specialist > T.Rowe Price > > -----Original Message----- > From: Idan Dolev [mailto:[email protected]] > Sent: Wednesday, January 30, 2002 8:05 AM > To: [email protected] > Subject: [FW-1] HA Nokia solution question > > > Hi, > > We are investigating Nokia HA solution against Stonebeats and Rainwall. > Is it true that Nokia only checks the interface ? can the firewall process > be down and still the vrrp check will be o.k. since the interface is up ?. > > beside the prices, are there any other main issue I should take in mind ? > > Regards, > > Idan Dolev > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|