Cyberguard TSP with load director from Secure Computing
am 24.08.2007 03:20:46 von me
Hello,
Our organization has been having the most difficult time getting a
Cyberguard TSP with load director to load-balance properly. We are at
the latest patch 6.4.2 and we've had all kinds of problems. For one,
we've seen frames arrive at the interface of the firewall but the
firewall does not pick it up even though the destination MAC address
matches that interface's MAC address. Because the packets don't make
it to the CPU, there's no log of it. It is NOT a firewall rule issue
and this issue happens when load-balancing is turned off ... it is an
ad-hoc problem which means we have slow connectivity .. TCP
retransmissions.
Second issue we have is that the firewall, after upgrading to 6.4.2 is
no longer load-balancing properly. When load-balancing is turned on,
our mail server queue loads up to 5,000 messages because they cannot
get out. When we turn off load-balancing, everything is fine.
They've been a real pain in the butt. We're thinking of dumping them
and possibly going with a Sidewinder seeing they run on BSD as opposed
to Linux (which is what Cyberguard runs on).
Anyways, I was wondering if anyone else has run into these type of
issues with these firewalls....... I've got management to deal with
and these issues are making me look bad (even though it has nothing to
do with me).
FYI... I never picked these firewalls to begin with...
Re: Cyberguard TSP with load director from Secure Computing
am 24.08.2007 03:23:28 von me
I forgot to mention... this is a 3400j model
On Thu, 23 Aug 2007 21:20:46 -0400, me@me.com.no.sspam wrote:
>Hello,
>
>Our organization has been having the most difficult time getting a
>Cyberguard TSP with load director to load-balance properly. We are at
>the latest patch 6.4.2 and we've had all kinds of problems. For one,
>we've seen frames arrive at the interface of the firewall but the
>firewall does not pick it up even though the destination MAC address
>matches that interface's MAC address. Because the packets don't make
>it to the CPU, there's no log of it. It is NOT a firewall rule issue
>and this issue happens when load-balancing is turned off ... it is an
>ad-hoc problem which means we have slow connectivity .. TCP
>retransmissions.
>
>Second issue we have is that the firewall, after upgrading to 6.4.2 is
>no longer load-balancing properly. When load-balancing is turned on,
>our mail server queue loads up to 5,000 messages because they cannot
>get out. When we turn off load-balancing, everything is fine.
>
>They've been a real pain in the butt. We're thinking of dumping them
>and possibly going with a Sidewinder seeing they run on BSD as opposed
>to Linux (which is what Cyberguard runs on).
>
>Anyways, I was wondering if anyone else has run into these type of
>issues with these firewalls....... I've got management to deal with
>and these issues are making me look bad (even though it has nothing to
>do with me).
>
>FYI... I never picked these firewalls to begin with...