A little more information would help. How is SR broken? Do you not get any encrypted packets through the 440s or can you not even download a topology? Did you do a sniff on the internal interface to see what was going on?
-----Original Message-----
From: Tom Sevy [mailto:[email protected]]
Sent: Wednesday, March 14, 2001 3:00 PM
To: FWList (E-mail)
Subject: [FW1] Multiple Border FW-1's, SR now broken

Had two IP440's in HA, and SecuRemote worked, in this scenario:

IP440/IP440 HA
Multiple internal hidden/nat networks
192.168.99.0/24, 192.168.100.0/24, 192.168.101.0/24, etc

Added an IP330 so that IP330 is default gateway for 192.168.99.0 internal lan, and IP440(s) remain default gateway for other segments. Reason being that what is behind the IP440 pair is critical, and what is behind the IP330 is non-critical. So we can afford to go down on the IP330 but not on the IP440s. And we wanted to keep the data flowing between 192.168.99.0 and the other internal zones handled by the IP330, leaving the IP440's to handle (again) the critical tasks.

IP330                IP440/IP440 HA
192.168.99.0/24      Multiple internal hidden/nat networks
                     192.168.100.0/24, 192.168.101.0/24, etc

The IP330 is running IPSO 3.3, and FW-1 4.1 SP3
The IP440s are running IPSO 3.2, and FW-1 4.1 SP2

Any suggestions on how this should be set up? With the IP440s, before the IP330 came on, IP440-A was the default gateway for SR connections, and it listed IP440-B as the backup.