NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] HA Setup with 4.1 SP1 on Solaris 2.6



At 02:20 07.10.00 -0500, Shakeel wrote:
>1) Do I need any third party HA software (such as Stonebeat)?? I have
>the Checkpoint HA module loaded
>    and can perform the cpha commands.

No, Stonebeat HA/FC and others are third party solutions to implement
High Availability for Check Point FW-1/VPN-1. 
The CP HA module (currently) does fail-over HA with no load-sharing or
-balancing as do Stonebeat / Rainwall etc.


>2) When I bring up the firewalls, both the machines have their NIC's
>active.  Isn't the HA software
>     suppose to take care of this where the active machine should have
>the NIC's live and the
>     standby machine be in standby mode.

No, the CP HA module doesn't take interfaces online/offline depending
on a nodes state. It plugs into the process of packet processing and
sits in front of the filter kernel module and drops IP packets when a 
nodes state is standby before they reach the FW module.


>3) I have all the 3 interfaces listed on both  the machines in
>hostanme.hme0 hostname.znb0
>     and hostname.znb1, so that means that solaris would ifconfig the
>interface while coming up.
>    Should I remove the znb entries on the secondary ones ( that's where
>the external and internal
>    IP's are defined)???

No. Both nodes are supposed to receive all traffic through their shared
interfaces. Therefore all interfaces are up at the same time and share
a single MAC and IP address per NIC. The HA module decides at which node
traffic passes further up the stack.

>What am I missing here???

A proper documentation of CP HA ;)

Hans
Btw.: Your cross posting to the fw1-wizards mailing list at phoneboy.com
was rejected by the moderator(s) as all cross-posted messages will be.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.