[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Multiple Border FW-1's, SR now broken
Title: RE: [FW1] Multiple Border FW-1's, SR now broken
A little more information would help.
How is SR broken? Do you not get any encrypted packets through the 440s or can you not even download a topology? Did you do a sniff on the internal interface to see what was going on?
-----Original Message-----
From: Tom Sevy [mailto:[email protected]]
Sent: Wednesday, March 14, 2001 3:00 PM
To: FWList (E-mail)
Subject: [FW1] Multiple Border FW-1's, SR now broken
Had two IP440's in HA, and SecuRemote worked, in this scenario:
IP440/IP440 HA
Multiple internal hidden/nat networks
192,168.99.0/24, 192.168.100.0/24, 192.168.101.0/24, etc
Added an IP330 so that IP330 is default gateway for 192.168.99.0 internal
lan, and IP440(s) remain default gateway for other segments. Reason being
that what is behind the IP440 pair is critical, and what is behind the IP330
is non-critical. So we can afford to go down on the IP330 but not on the
IP440s. And we wanted to keep the data flowing between 192.168.99.0 and the
other internal zones handled by the IP330, leaving the IP440's to handle
(again) the critical tasks.
IP330 IP440/IP440 HA
192.168.99.0/24 Multiple internal hidden/nat networks
192.168.100.0/24, 192.168.101.0/24, etc
The IP330 is running IPSO 3.3, and FW-1 4.1 SP3
The IP440s are running IPSO 3.2, and FW-1 4.1 SP2
Any suggestions on how this should be setup? With the IP440s, before the
IP330 came on, IP440-A was the default gateway for SR connections, and it
listed IP440-B as the backup.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================