I'm running an IPSO cluster on two IP 740 appliances. IPSO version is
3.7-Build035. Checkpoint version is NG AI R54-HFA408. I'm trying to
use the Enhanced UFP (in.aufpd) to communicate with a Websense 5.1
server for content filtering. What I find is that when I have both
cluster nodes up, sometimes I am able to get content that I should
not. When I look in the firewall logs I can clearly see that the
Websense server said to block the site, however one of the firewalls
obviously let it through when it shouldn't have. If I do an fwstop on
one of the cluster nodes so that all traffic is flowing through only
one firewall, then everything works fine every time. I've opened up a
ticket with Nokia and they've had me try all kinds of things. I've
used modzap to change the way the firewall handles TCP flows so that a
particular TCP stream will not be load balanced between nodes, but
will stay on the same node. I've changed the work assignment in the
IPSO cluster setup from dynamic to static, again so that a TCP flow
will stay on the same node. I've also disabled IPSO firewall flows
with the ipsofwd slowpath command to try and eliminate that as a
problem. None of these solutions has helped with the problem. If
anyone has any other ideas, I'd certainly appreciate the help.