[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Syncronyzing 2 FW-1 firewals
This is not enitrely correct. You CAN state synchronize without running the HA module. Here is what Check Point sent me: ------------start------------------ How to set up synchronization between two FireWalls Fact: FireWall-1 4.0 Fact: Sun Solaris Sparc Fact: Windows NT Server 4.0 Fix: Do the following: 1. Create a file $FWDIR/conf/sync.conf on both modules. The file should contain the name or IP of the peer module 2. Run 'fwstop' on both modules 3. Run 'fw putkey -n <local module ip address> <remote module ip address> on both modules 4. Run 'fwstart' on both modules -----------end--------------------- One thing that helps is to have the firewall modules connected on a separate/private network. I have my two firewall modules and my management module connected over a private (10.x.x.x) network and I also exchage state information over this link. Cheers, Dan ---------------------------------------------------------------------------- - Daniel R. (Dan) Dunn, EE Principal INFOSEC Engineer, GRC Int'l (an AT&T company) OSD-ITD Firewall Administrator p:, ext 500 The opinions expressed by the author are entirely his own, and do not reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they reflect policy, opinion, or endorsement by the US Department of Defense or any of its agencies. >-----Original Message----- >From: Tim Holman [mailto:[email protected]] >Sent: Tuesday, March 27, 2001 4:58 PM >To: Sommariva Graziano; 'Seelig, Daniel'; 'Rodrigo Borges' >Cc: [email protected] >Subject: Re: [FW1] Syncronyzing 2 FW-1 firewals > > > >You need it for Checkpoint HA, which includes state synchronisation. >You can setup Nokias or whatever without the HA license, but >you won't be >able to state sync, so connections will be lost during failover. > > >----- Original Message ----- >From: Sommariva Graziano <[email protected]> >To: 'Seelig, Daniel' <[email protected]>; 'Rodrigo Borges' ><[email protected]> >Cc: <[email protected]> >Sent: 26 March 2001 15:25 >Subject: [FW1] Syncronyzing 2 FW-1 firewals > > >> >> Is it mandatory to by HA licence to syncronize to FW-1? >> >> Bes Regards, >> >> >> Graziano Sommariva >> *Phone:. >> *E-Mail: [email protected] >> >> Network Manager >> TLC - Telecomunicazioni >> SSC - Service Unit Servizi Continuativi >> Elsag S.p.A. >> >> >> >> >=============================================================== >============= >==== >> To unsubscribe from this mailing list, please see the >instructions at >> http://www.checkpoint.com/services/mailing.html >> >=============================================================== >============= >==== >> > > >=============================================================== >================= > To unsubscribe from this mailing list, please see the >instructions at > http://www.checkpoint.com/services/mailing.html >=============================================================== >================= > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|