Professional Documents
Culture Documents
27 April, 2010
More Information
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=10703
For additional technical information about Check Point visit Check Point Support Center
(http://supportcenter.checkpoint.com).
Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your
comments to us (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on VPN-1 NGX R65
HFA 70 Release Notes).
Introduction .............................................................................................................4
What's New ......................................................................................................... 4
Supported Versions, Platforms, and Builds..........................................................6
Supported Platforms ............................................................................................ 6
Supported Versions ............................................................................................. 7
Supported Builds ................................................................................................. 7
Installation ...............................................................................................................9
Required Disk Space ........................................................................................... 9
Installing with SecurePlatform WebUI - Appliance and Open Server ..................10
Verifying Installation with SecurePlatform Web User Interface .......................10
Installing on SecurePlatform Open Server ..........................................................10
Installing on Solaris, Linux, and IPSO Disk-Based ..............................................11
Installing on IPSO Flash-Based ..........................................................................12
Installing on Windows .........................................................................................13
Installing with SmartUpdate ................................................................................13
Updating Customized INSPECT Files ................................................................14
Installing HFA on Clusters ..................................................................................14
Upgrading from IPSO 6 to IPSO 6.2 ...................................................................16
Installing IPSO 6.2 Using Network Voyager ...................................................16
Installing IPSO 6.2 Using the Command Shell ...............................................16
Uninstallation ........................................................................................................18
Uninstalling with SecurePlatform Web User Interface .........................................18
Uninstalling with Command Line.........................................................................18
Uninstalling with SmartUpdate ............................................................................19
Uninstalling from Windows .................................................................................19
Post-Uninstall Notes ...........................................................................................19
Resolved Issues in NGX R65 HFA 70 ..................................................................20
Firewall ...............................................................................................................20
Management ......................................................................................................23
SmartDefense ....................................................................................................24
ClusterXL ...........................................................................................................24
VOIP ..................................................................................................................25
SSL Network Extender .......................................................................................25
SmartLSM ..........................................................................................................25
Eventia Reporter/Analyzer ..................................................................................26
SmartView Monitor .............................................................................................27
Known Limitations ................................................................................................28
SecurePlatform...................................................................................................28
SecurePlatform Web User Interface ...................................................................29
IPSO ..................................................................................................................29
Windows.............................................................................................................29
VPN-1 Edge/Embedded .....................................................................................30
Database Revisions............................................................................................30
Endpoint Connect ...............................................................................................30
Connectra...........................................................................................................30
Eventia Analyzer and Reporting Server ..............................................................31
ClusterXL ...........................................................................................................31
Introduction
Thank you for updating your Check Point products with VPN-1 NGX R65 HFA 70 (Hotfix Accumulator). This
HFA includes all fixes and improvements from all previous NGX R65 HFAs and is the recommended update
for NGX R65.
Please read this document and the NGX R65 Known Limitations
(http://supportcontent.checkpoint.com/solutions?id=sk36267) carefully before installing this HFA.
What's New
Highlights of NGX R65 HFA 70 include the following:
MDS - When Management High Availability synchronization is triggered, the Inspect files from the CMA
template of the active MDS will overwrite the Inspect files in the CMA templates of any standby MDSs.
For more information about management High Availability file synchronization, see the Management High
Availability chapter of the R65 SmartCenter Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=7256) or the High Availability chapter
of the R65 Provider-1 Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=7251).
vsx_util Enhancements
Enhancements to the vsx_util command include improved user experience and additional functionality.
Additional command line arguments provide more efficient ways to invoke vsx_util commands.
Improved vsx_util vsls command that provides a persistent, centrally managed method for manually
configuring VSLS distribution. The vsx_util redistribute_vsls and vsx_util vsls commands
Introduction Page 4
have been consolidated into a single menu, allowing administrators to easily update the configuration,
export configurations to a CSV file, edit the configuration file and import configurations.
Two new commands are added to vsx_util. These commands are supported for SPLAT and Crossbeam
VSX modules.
vsx_util change_interfaces - This new command allows you to automatically replace existing
interfaces with new interfaces on all virtual devices to which the existing interfaces connect. This
command is useful when converting from open server deployment to appliance and when converting
a deployment to use Link Aggregation, especially where VLANs connect to many virtual devices.
vsx_util show_interfaces - This new command allows you to view information for a
selected interface, including interface types, connections to virtual devices, and IP addresses.
The output appears on the screen and is also saved to the interfacesconfig.csv file.
Introduction Page 5
Supported Versions, Platforms, and
Builds
In this Section
Supported Platforms 6
Supported Versions 7
Supported Builds 7
Supported Platforms
The following platforms are supported for VPN-1 NGX R65 HFA 70:
Platform Version
UTM-1 Models 130, 270, 450, 570, 1050, 1070, 2050, 2070, 3070
Windows 2000 Server and Advanced Server SP1-SP4, 2003 Server SP1-SP2
Solaris 8, 9, 10
Note - This HFA is not supported for installation on NGX R65 with CoreXL.
NGX R65 with R65 VSX Management Update (and revision 2) YES
Supported Builds
To verify you have the HFA described in this document: extract the contents of the tgz package you
downloaded and open the take_number.conf file using a text editor. Verify that it contains: take_67.
Take 67 of NGX R65 HFA 70 consists of the following builds:
MDS 620670004 The output of fwm mds ver should appear similar to:
This is Check Point Provider-1 Server NGX (R65)
HFA_70, Hotfix 670 - Build 004
Note - To install the HFA on Power-1 and UTM-1 appliances, you may use SmartUpdate or
the SecurePlatform Web User Interface.
Note - It is safe to delete the downloaded .tgz file after it is extracted in order to allow
more disk space for installation.
Platform To download and extract To install
Installation Page 9
Installing with SecurePlatform WebUI -
Appliance and Open Server
Use the Web User Interface to install this HFA on Check Point Power-1, UTM-1, Smart-1 appliances, or on
open servers running SecurePlatform.
Before installing this HFA on SecurePlatform with Web User Interface, make sure to take a snapshot of the
machine.
To install NGX R65 HFA 70 with SecurePlatform Web User Interface:
1. Download the HFA file: Check_Point_NGX_R65_HFA_70.linux.tgz
(http://supportcontent.checkpoint.com/file_download?id=10681)
2. Connect to the SecurePlatform Web User Interface:
Open server: https://<IP>
Appliance: https://<IP>:4434
3. Open the Upgrade page:
Open server: Device > Upgrade
Appliance: Appliance > Upgrade
4. In the Upgrade Steps pane, browse to the downloaded HFA.
5. Click the Upload package button.
6. In the Safe Upgrade step, make sure the Save a snapshot of the current system check box is
selected.
Important - Be sure that all GUI applications are closed and then to select the option that
takes a snapshot of the machine, before installing an HFA.
Important - After upgrading, move the snapshot file from the Desktop to a pathname
without spaces. This must be done before attempting to restore the machine.
Installation Page 10
Note - Before upgrading or uninstalling HFAs on SecurePlatform
operating systems, it is highly recommended that you take a snapshot
of the machine. For details refer to sk42329
(http://supportcontent.checkpoint.com/solutions?id=sk42329).
On Power-1 and UTM-1 appliances, the snapshot file is stored in:
/var/log/CPsnapshot/snapshots/NGX_R65_/
On open-servers, the snapshot files is stored in:
/var/CPsnapshot/snapshots
Important - NGX R65 HFA_70 can only be installed on gateways running IPSO 4.2 or 6.2.
To install NGX R65 HFA_70 on a gateway currently running IPSO 4.2 you must first
upgrade your IPSO OS to IPSO 4.2 Build 106a04 (MR8) or higher. Instructions for
upgrading to IPSO 4.2 are found in the Getting Started Guide and Release Notes for
Check Point IPSO 4.2 MR8a (Build 106a04)
(http://supportcontent.checkpoint.com/file_download?id=10743).
To install NGX R65 HFA_70 on a gateway currently running IPSO 6.0 or 6.1, you must
first upgrade your IPSO OS to IPSO 6.2 ("Upgrading from IPSO 6 to IPSO 6.2" on page
16).
1. Create a temporary directory on /opt: mkdir /opt/hfa
2. Navigate to the new directory: cd /opt/hfa
3. Verify that there is enough free disk space for the installation of the HFA packages.
4. Download the HFA file for your platform to /opt/hfa.
Solaris: Check_Point_NGX_R65_HFA_70.solaris2.tgz
(http://supportcontent.checkpoint.com/file_download?id=10680)
Linux: Check_Point_NGX_R65_HFA_70.linux.tgz
(http://supportcontent.checkpoint.com/file_download?id=10681)
IPSO 4.2: Check_Point_NGX_R65_HFA_70.ipso.tgz
(http://supportcontent.checkpoint.com/file_download?id=10682)
IPSO 6.2: Check_Point_NGX_R65_HFA_70.ipso6.tgz
(http://supportcontent.checkpoint.com/file_download?id=10684)
5. Extract the contents.
6. Execute: ./UnixInstallScript and follow on-screen instructions.
7. Reboot the machine.
Installation Page 11
Installing on IPSO Flash-Based
This HFA can be installed on IPSO Flash-based platforms running IPSO 4.2 or 6.2. You must follow the
steps precisely to avoid installation problems.
Important - NGX R65 HFA_70 can only be installed on gateways running IPSO 4.2 or 6.2.
To install NGX R65 HFA_70 on a gateway currently running IPSO 4.2 you must first
upgrade your IPSO OS to IPSO 4.2 Build 106a04 (MR8) or higher. Instructions for
upgrading to IPSO 4.2 are found in the Getting Started Guide and Release Notes for
Check Point IPSO 4.2 MR8a (Build 106a04)
(http://supportcontent.checkpoint.com/file_download?id=10743).
To install NGX R65 HFA_70 on a gateway currently running IPSO 6.0 or 6.1, you must
first upgrade your IPSO OS to IPSO 6.2 ("Upgrading from IPSO 6 to IPSO 6.2" on page
16).
Important - Only the administrator running the installation process can be logged into the
server during the installation. No other console or SSH session can be open during the
installation.
Installation Page 12
6. Extract the contents to /opt/hfa: tar –zxvf Check_Point_NGX_R65_HFA_70.ipso_Flash.tgz -C
/opt/hfa
7. Delete the *.tgz file to save flash disk space.
8. Navigate to the /opt directory: cd /opt
9. Move the hfa directory to admin: mv /opt/hfa /var/emhome/admin/
10. Navigate to the /var/emhome/admin/hfa directory: cd /var/emhome/admin/hfa
11. Install the HFA: ./UnixInstallScript
12. Reboot the machine.
13. After reboot, remove the hfa directory: rm -rf /var/emhome/admin/hfa
Installing on Windows
To install NGX R65 HFA 70 on Windows NGX R65:
1. Verify that there is enough free disk space for the installation of the HFA packages.
2. Download the HFA file: Check_Point_NGX_R65_HFA_70.windows.tgz
(http://supportcontent.checkpoint.com/file_download?id=10679)
3. Extract the packages.
4. Run Setup.bat
5. Reboot the machine.
Important - After completing the installation, IPSO 6.2 gateways must be rebooted
manually.
Note - If after installing this HFA on a Windows machine the gateway does not accept
traffic, re-install the policy.
Installation Page 13
Updating Customized INSPECT Files
The SmartCenter server contains several INSPECT (*.def) files, typically located in the $FWDIR/lib
directory. This HFA may include one or more updated INSPECT files, which replace the files currently in
use.
For environments using only original Check Point INSPECT files, the updated INSPECT files are installed
automatically: the previous *.def files are replaced with the new ones.
If even one INSPECT file was manually customized, none of the new INSPECT files replace the previous
ones. The following message appears:
The updated inspect files were NOT installed due to signature mismatches or errors.
To complete the installation replace the inspect files.
Inspect files that were not replaced may lead to unexpected behavior!
To force update of the inspect files run: update_inspect_files -f
If the files were not replaced (signature mismatch message displayed), you must force the INSPECT files to
be updated.
Important - You must replace the previous files. If you do not, unexpected behavior may
result.
Installation Page 14
The maximum number of cluster members that is supported in ClusterXL mode is five; in third-party
mode the maximum is eight.
Installation Page 15
Upgrading from IPSO 6 to IPSO 6.2
R65 HFA_70 now supports IPSO 6.2. To install HFA_70 on a gateway running IPSO 6.0 or 6.1, you must
first upgrade your IPSO OS to version 6.2.
Installation Page 16
7. Enter the ipso.tgz pkg name, and press Enter.
Note - On some appliances, installing the image can take some time.
The newimage program might display the message “Setting up new
image...” for a few minutes with no other sign of activity.
8. After the upgrade process completes choose the image to run. For example, choose Newly
Installed image.
9. Reboot the machine. At the prompt type reboot
10. Verify the current image by running: uname -a
6.2 should be the current IPSO image.
Now you have IPSO 6.2 installed and you are ready to upgrade the gateway to R65 HFA_70.
Installation Page 17
Uninstallation
In this Section
Uninstallation Page 18
Uninstalling with SmartUpdate
You can use SmartUpdate to remotely uninstall this HFA on gateways of all platforms, except IPSO.
To uninstall with SmartUpdate:
1. Make sure SmartDashboard is closed.
2. Open SmartUpdate.
3. From the Packages menu choose Get Data From All.
4. Right-click each package with Minor_Version value of R65_70 and choose Uninstall in the following
order:
VPN-1 Power/UTM
Performance Pack (for SecurePlatform and Solaris gateways, if installed)
Post-Uninstall Notes
After uninstalling this HFA from a management server machine which had plug-ins installed, you may find
that policy installation is not functioning correctly. To fix this issue, execute: plugin_reset
After uninstalling this HFA from a SecurePlatform machine, the login prompt may still display Check Point
SecurePlatform NGX (R65) HFA 70 as the installed version, because the SecurePlatform package was
not uninstalled. Use the fw ver command to see the current version.
Uninstallation Page 19
Resolved Issues in NGX R65 HFA 70
In this Section
Firewall 20
Management 23
SmartDefense 24
ClusterXL 24
VOIP 25
SSL Network Extender 25
SmartLSM 25
Eventia Reporter/Analyzer 26
SmartView Monitor 27
Installing this HFA provides performance enhancements and functionality fixes to Check Point Suite NGX
R65. It includes fixes of previous NGX R65 HFAs. A complete list of resolved issues in NGX R65 and
previous HFA versions is in sk42318 (http://supportcontent.checkpoint.com/solutions?id=sk42318).
Note - The numbers associated with each issue below are reference numbers in Check Point’s
internal database. Refer to this number if you contact Check Point Support about an issue.
If you have previously installed a hotfix provided by Check Point, search for the tracking number
of the hotfix (not to be confused with the build number) in this document.
If your hotfix is not included in this HFA (or if you do not have the number of the hotfix),
contact Check Point Support (http://supportcenter.checkpoint.com) before installing this
HFA.
If your hotfix is not included in the HFA, installing this HFA may overwrite the hotfix.
Note - When you use the fw ctl set int command to set a parameter, the parameter will
revert back to its original value after reboot.
For more instructions on how to set a global parameter, refer to SecureKnowledge article
sk26202 (http://supportcontent.checkpoint.com/solutions?id=sk26202).
Firewall
ID Description Install On
00505513, Improved stability of fwd cpu usage regarding cluster related Gateway
operations.
00423573
00506176, Improved stability in cluster environment when using VoIP and/or the Gateway
following IPS protections: Header Spoofing, Directory Listing, Error
00361444,
Concealment, ASCII only response headers or any IPS protection for
00361452, which “send error page” is enabled.
00361453,
00361454,
00412775,
00433069,
00496185
00526440, Improved stability of fwd when dynamic object incorrectly defined. Gateway
00521934,
00528269
00517097 Improved security for connections to the ICA management portal over SmartCenter server
OpenSSL.
00519239
00496433, Improved stability of fwd during log purge operations. SmartCenter server
and Gateway
00404972,
00405134,
00405136,
00405138,
00405140,
00407420,
00510266,
00512372,
00511796,
00409445,
00425647,
00434513
00495534, Includes updated list of Skinny message types to be allowed by the Gateway
gateway.
00498495,
00499355,
00526954
Management
ID Description Install On
00505535, Improvements to policy compilation fix an issue that could have SmartCenter server
occurred when CPDShield and other dynamic objects are used in
00503342
rules.
00510980, Improved stability when listing large Account Units in the SmartCenter server
SmartDashboard.
00519517
00450225, Enhancements to the fwm process fixed memory leak which occurred SmartCenter server
during certain user management operations.
00502893,
00508111,
00527960,
00506361,
00511205,
00522418
00423122, Users with policy download permissions also have permissions for SmartCenter server
database revision control.
00506350
00414727, When changing the color of a group object, the chosen color is saved SmartCenter server
and will display correctly even after reopening SmartDashboard.
00416543,
00506880
00339780, SmartCenter successfully installs policy for topologies with more than SmartCenter server
140 VPN communities.
00339880,
00339881,
00339882,
00349112,
00367550,
00428390,
00523514,
00527130
SmartDefense
ID Description Install On
00450311, To prevent a DNS UDP truncated response from being dropped by Gateway
the firewall run the following command:
00499947,
fw ctl set int dns_allow_udp_truncated_msg 1
00526088,
To disable the feature, set the value to 0.
00499949
00506258, To allow a DNS query with class "ANY" run the following command: Gateway
00431103, fw ctl set int fwdns_check_question_allow_class_any 1
00527458, To disable the feature, set the value to 0.
00506259
ClusterXL
ID Description Install On
00506325, In ClusterXL Legacy mode, only the Active machine will reply to ARP Gateway
requests sent by the Server on a non shared VLAN interface.
00506327,
00506407,
00336356,
00405735
00511534, QoS properties on cluster members are preserved for IPSO SmartCenter server
platforms. This resolves the issue discussed in sk40021
00520585,
(http://supportcontent.checkpoint.com/solutions?id=sk40021).
00520586,
00532306
00508897, Improved support for VOIP H.323 protocol for use with Avaya Gateway
Communication Manager (ACM).
00410142,
The endpoint normally initiates the H.323 (H.225) TCP connection to
00527894
the Gatekeeper or server. In scenarios where the Gatekeeper
initiates the TCP connection to the endpoint, set the global parameter
h323_gk_init_tcp_conn, by running the command fw ctl set
int h323_gk_init_tcp_conn 1. Note that when running Avaya
Communication Manager (ACM), the TTS (Time to service) feature
may be enabled by default. When TTS is enabled, the Gatekeeper
initiates the TCP connection to the endpoint, and so the
h323_gk_init_tcp_conn parameter must be set.
00404877, The firewall can be configured to allow a SIP (Session Initiation Gateway
Protocol) connection to continue despite receiving a SIP CANCEL
00506253,
request by running the following command:
00506254 fw ctl set int sip_accept_session_after_cancel 1
To disable the feature, set the value to 0.
00507785, Improved stability in policy installation after the gateway has made Gateway
multiple LDAP requests.
00509916,
00509917,
00509918
SmartLSM
ID Description Install On
00505308, Increases the maximum size of a script line of SmartLSM Edge SmartCenter server
gateway scripts using the LSMcli utility.
00506886
Eventia Reporter/Analyzer
ID Description Install On
00467171, Modules running Solaris ZFS filesystems do not show disk space Gateway
usage in SmartView Monitor
00506995,
00521534,
00533677
00363993, Connectra users are promptly removed from the list of connected Gateway
users in SmartView Monitor after they disconnect.
00442656,
00508628,
00508630,
00508631
00432800, More precise monitoring of CPU usage with SmartView Monitor on Gateway
multiprocessor systems running SecurePlatform 2.6.
00256749,
00434161,
00441857,
00494101,
00523645,
00523979,
00502612,
00503221,
00503295,
00505487,
00511182,
00518623,
00519478,
00522561,
00522803
SecurePlatform 28
SecurePlatform Web User Interface 29
IPSO 29
Windows 29
VPN-1 Edge/Embedded 30
Database Revisions 30
Endpoint Connect 30
Connectra 30
Eventia Analyzer and Reporting Server 31
ClusterXL 31
SecurePlatform
ID Description
00466648 After upgrading directly from R65 on SecurePlatform 2.6 to R65 HFA_70, uninstalling the
HFA is not supported as it may cause system instability. Before installing NGX R65 HFA
70 on SecurePlatform 2.6, make sure to take a snapshot of the entire system to enable
reverting to the previous state if needed. For details refer to sk42329
(http://supportcontent.checkpoint.com/solutions?id=sk42329).
However, uninstalling HFA_70 on SecurePlatform 2.6 is supported if done after
upgrading from a previous R65 SPLAT 2.6 supported HFA (HFA_50 or HFA_60) to
HFA_70.
SecurePlatform 2.6: Check Point NGX R65.4 is not supported for installation on top of
NGX R65 HFA 70 running on SecurePlatform 2.6.
SecurePlatform 2.4: On SecurePlatform Pro 2.4 using stand-alone architecture (with the
SmartCenter server and Gateway installed on the same machine) with Advanced
Routing, the installation of NGX R65.4 on top of NGX R65 HFA 70 overwrites the
Advanced Routing installation of build 62064001 (included in HFA_40).
To repair the Advanced Routing package:
a) Download and unpack HFA 70:
tar zxvf Check_Point_NGX_R65_HFA_70.linux.tgz
b) Go to the Advanced Routing directory:
cd hotfixes/dr_splat/
c) Unpack the dr_splat package:
tar zxvf dr_splat_R65_HFA.tgz
d) Install the package:
./dr_splat_HOTFIX_R65_70_620670003_1 -FORCED
e) Follow the installation instructions.
00435874 When using SecurePlatform Web User Interface to restore a machine from a snapshot
with a path name that has spaces, the restore will fail on error:
“Filename must not contain spaces.”
Workaround: Restore the machine from a path name that has no spaces.
00520229 When upgrading with the Web User Interface, if snapshot is enabled, you must close all
GUI applications before the snapshot can start.
IPSO
ID Description
After installing this HFA on IPSO Flash-based platforms, the installation log files are
automatically deleted after reboot.
After installing this HFA on IPSO 6.2 using SmartUpdate, you must manually reboot the
gateway.
Windows
ID Description
00194720 Using SmartUpdate to uninstall this HFA from Windows gateways requires a manual
reboot of the gateway.
To install this HFA on Windows gateways using SmartUpdate, a previous HFA must
have been installed on the gateway via CLI.
00520349, R65.4 installation on top of HFA 50 or above is blocked. For a workaround, see sk42965
(sk42965 - http://supportcontent.checkpoint.com/solutions?id=sk42965).
00520346
Uninstallation of both R65.4 and this HFA is not supported.
VPN-1 Edge/Embedded
ID Description
00437851 Installing a policy on a large number of VPN-1 UTM Edge devices managed from
SmartDashboard may not succeed.
Workaround: Install the policy on Edge devices in several batches.
00522831 During HFA installation, all INSPECT files related to the UTM-1 Edge compatibility
package (located at /opt/CPEdgecmp-R65/libsw/) are overwritten. Any manual changes
made on these files will be lost.
For details see: sk43158 https://supportcontent.checkpoint.com/solutions?id=sk43158
Database Revisions
ID Description
00432491 A database version created with the Policy Revision Control cannot be viewed or
restored if the list of currently installed plug-ins is different from when the Revision
Control version was created.
Endpoint Connect
ID Description
00416341 When using Smart Card certificate authentication, renewal of certificates that were
enrolled to the Smart Card is not supported. Note: Renewal from the local (CAPI) store is
supported.
00434786 Endpoint Connect requires MSXML3.dll on Windows 2000 SP4. This dll can be obtained
from Windows Update (Microsoft site). Place it in C:\WINDOWS\System32.
00426700 If the trac_client_1.ttm file should be edited on a Windows platform, it must be done in
Notepad; Wordpad will corrupt the file.
00434083 Connecting from two different machines to the same gateway with the same username is
not supported, because they may both get the same Office Mode IP, which would
disconnect the first session.
Connectra
ID Description
00467080 When changing the Database Maintenance configuration from a very large size (20 GB)
to a smaller size (2 GB) the cleaning process takes a very long time.
Workaround: In Database Maintenance, reduce the DB size gradually from 20 GB to 15
GB, then to 10 GB, and so on.
00519595 After uninstalling this HFA from a machine with Eventia Reporting Server, on which R65
HFA 25 was previously installed, the cpsemd process will not be able to start.
Workaround:
1. cpstop
2. execute:
Unix: CPRegSvr -p $RTDIR/lib libCPSet2Sql.so
Windows: CPRegSvr /p "%RTDIR%\lib" CPSet2Sql.dll
3. cpstart
ClusterXL
ID Description
00501854 All interfaces that are not part of the ClusterXL topology should be defined in:
$FWDIR/conf/discntd.if
00510097 A connection from one side of the ClusterXL (external or internal) with a destination IP
address of one of the non-active members' physical IP addresses on the other side of
the ClusterXL, will work only when 'fwha_forw_packet_to_not_active' is set to 1. That
connection will be forwarded by the 'active' member to the destination non-active
member on top of the 'sync' network.