<div>
Things to check bud are the sync net stats:<br />
<br />
fw ctl pstat<br />
<br />
and look for similar type reports, ie similar sent and receive as well as no drops<br />
<br />
also double check for cpu and ram usage
</div>


Things to check bud are the sync net stats:

fw ctl pstat

and look for similar type reports, ie similar sent and receive as well as no drops

also double check for cpu and ram usage

<div>
The problem was that SecureXL was enabled on the new FW and disabled in our current environment. Once we disabled the SecureXL, connections would not increase and failover was seamless.<br />
<br />
THank you.
</div>


The problem was that SecureXL was enabled on the new FW and disabled in our current environment. Once we disabled the SecureXL, connections would not increase and failover was seamless.

THank you.

<div>
Yes, it was the SECUREXL service that was keeping this from working properly. We also uncovered a few minor configuration issues such as igmp and portfast issues.
</div>


Yes, it was the SECUREXL service that was keeping this from working properly. We also uncovered a few minor configuration issues such as igmp and portfast issues.

<div>
<div class="content wysiwyg-content">
I have an IP380 and IP380 running IPSO 4.2 HA / VRRP clustering. Active / Backup configuration. When we fail over to the IP390 everything seems to be fine for a couple days hoewever when we get a load on the device subnets and traffic start to get unresponsive completely and/or become very sluggish and inconsistant. <br />
<br />
We have our core switch, CAT 4006, which accomodates most of our VLAN traffic, configured to point to our Checkpoint VIP for it's default route. <br />
<br />
Before getting into much detail, has any one heard of or experiened a similar sitation?
</div>
</div>


I have an IP380 and IP380 running IPSO 4.2 HA / VRRP clustering. Active / Backup configuration. When we fail over to the IP390 everything seems to be fine for a couple days hoewever when we get a load on the device subnets and traffic start to get unresponsive completely and/or become very sluggish and inconsistant. 

We have our core switch, CAT 4006, which accomodates most of our VLAN traffic, configured to point to our Checkpoint VIP for it's default route. 

Before getting into much detail, has any one heard of or experiened a similar sitation?

Checkpoint NG65 - HA Failover issue with IP380 and IP390

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.