https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit...
Solution ID: sk42636
Product: Security Gateway, ClusterXL
Version: All
Platform / Model: All
Date Created: 24-Aug-2009
Last Modified: 19-Mar-2014
SYMPTOMS
Connections from the same source pass through only one of the ISP channels, instead of being distributed across both ISP channels by the Round-Robin mechanism, when the Security Gateway is configured with ISP Redundancy in Load Sharing mode.
CAUSE
This behavior is the default design of ISP Redundancy in Load Sharing mode.
SOLUTION
Background:
By default, in ISP Redundancy in Load Sharing mode, connections from the same "Client" located behind the Gateway/Cluster always leave the Gateway/Cluster over the same ISP channel.
This is a form of "Client Stickiness". This mode was chosen as the default because it is the best way to distribute connections between two ISP channels without breaking communications that use dynamic ports or port redirection (e.g., FTP, VoIP, etc).
These are the relevant attributes of the Gateway / Cluster object in the database, which can be changed via GuiDbEdit
Tool:
Procedure:
1. Close all SmartConsole windows (SmartDashboard, SmartView Tracker, etc).
2. Connect to Security Management Server with GuiDbEdit Tool.
3. In the upper left pane, go to 'Table' - 'Network Objects' - 'network_objects'.
4. In the upper right pane, select the relevant Gateway object (in Class Name column appears as 'gateway_ckp') / select the relevant Cluster (in Class Name column appears as 'gateway_cluster').
5. In the lower pane, in Field Name column - find firewall_settings - scroll down to misp_cache_use_cln and misp_cache_use_srv parameters.
6. Right-click on the parameter - choose 'Edit...'.
7. Change the Value of the parameter - click 'OK':
Since there are 2 parameters and each parameter has 2 possible values, there are 4 possible configurations:
1. (misp_cache_use_cln = true) and (misp_cache_use_srv = false) - all connections from the same
"Client" will be sent out over the same ISP channel (each Source IP address is cached independently from
other Source IP addresses).
3. (misp_cache_use_cln = true) and (misp_cache_use_srv = true) - all connections from the same
"Client" to the same "Server" will be sent out over the same ISP channel (each Source and Destination IP
addresses are cached independently from other Source and Destination IP addresses).
4. (misp_cache_use_cln = false) and (misp_cache_use_srv = false) - all connections will be sent out
randomly over both ISP channels - not recommended.
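The following toy model is an added example, not Check Point code, showing how the three configurations described on this page change which ISP channel a connection uses. The link names, the sample addresses and the alternating assignment of new cache entries are assumptions; the fourth combination is not described on this page, so the model rejects it.

```python
import itertools
import random

ISPS = ("ISP-1", "ISP-2")  # hypothetical link names


class IspSelector:
    """Toy model of the stickiness cache; not Check Point's implementation."""

    def __init__(self, use_cln, use_srv, seed=0):
        if (use_cln, use_srv) == (False, True):
            raise ValueError("combination not described on this page")
        self.use_cln, self.use_srv = use_cln, use_srv
        self.cache = {}
        self.next_link = itertools.cycle(ISPS)  # assumed: new entries alternate
        self.rng = random.Random(seed)          # seeded so runs are repeatable

    def pick(self, src, dst):
        if not self.use_cln:                    # false/false: no cache, random link
            return self.rng.choice(ISPS)
        # true/true caches per (source, destination); true/false per source only
        key = (src, dst) if self.use_srv else src
        if key not in self.cache:
            self.cache[key] = next(self.next_link)
        return self.cache[key]


# Constructed sample traffic (documentation address ranges)
CONNS = [
    ("10.0.0.5", "198.51.100.10"),  # client A, FTP control connection
    ("10.0.0.5", "198.51.100.10"),  # client A, FTP data connection, same server
    ("10.0.0.5", "203.0.113.20"),   # client A, second server
    ("10.0.0.6", "198.51.100.10"),  # client B
]


def links_used(use_cln, use_srv):
    """Return the link chosen for each connection in CONNS, in order."""
    sel = IspSelector(use_cln, use_srv)
    return [sel.pick(s, d) for s, d in CONNS]


if __name__ == "__main__":
    for cln, srv in [(True, False), (True, True), (False, False)]:
        print(f"cln={cln!s:5} srv={srv!s:5} ->", links_used(cln, srv))
```

With both parameters false, the control and data connections of one FTP session can land on different links, which is the breakage the default is meant to avoid.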
Related Solutions:
sk23630 (Advanced configuration options for ISP redundancy)
sk25152 (Static (Hide) NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing
mode)
12/9/2014 9:27 PM