[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Fw: Firewall Synch
You have to putkey between the machines to get the sync to work as well as setting up the sync.conf on the 2 machines. I've found that the easiest way to ensure the sync is setup correctly it to make sure to use the actual addresses that you put in the sync.conf on both machines in the putkey. For example (using the sync.conf examples below ): after setting up the sync.conf on the 2 firewalls ( I also fwstop the firewalls BEFORE putkeying ): on machine1: fw putkey -n 10.0.10.1 10.0.10.2 on machine2: fw putkey -n 10.0.10.2 10.0.10.1 Of course, the putkey passwords will have to be the same on both machines. Then fwstart the firewalls and you should see traffic ( a "netstat -an | grep 25" should show traffic between the machines on ports 256(?) -----Original Message----- From: Mario Kadastik [mailto:[email protected]] Sent: Wednesday, January 03, 2001 5:14 AM To: Maureen A. Jacob; [email protected] Subject: Re: [FW1] Fw: Firewall Synch Hello Maureen > What do I need to configure for two firewalls to synchronize their > state table without stonebeat or any other third-party softwares? I have gotten only the old version sync to work and that was by creating on both machines the file sync.conf in $FWDIR/conf with these lines: (machine1 is 10.0.10.1 and machine2 is 10.0.10.2) on machine1: --- begin sync.conf --- SyncMode=TCP sync 10.0.10.2 --- end sync.conf --- on machine2: --- begin sync.conf --- SyncMode=TCP sync 10.0.10.1 --- end sync.conf --- and after bouncing both firewalls, it should say in both machines $FWDIR/log/fwd.elg logfiles that he is connected to sync server on the other end :) Mario Kadastik CCSE Estonian Telecommunications Co Ltd [email protected] ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|