
RE: [FW1] Syncronyzing 2 FW-1 firewals



This is not entirely correct.  You CAN state synchronize without running the
HA module.  Here is what Check Point sent me:

------------start------------------
How to set up synchronization between two FireWalls

Fact: FireWall-1 4.0
Fact: Sun Solaris Sparc 
Fact: Windows NT Server 4.0


Fix: Do the following:

1. Create a file $FWDIR/conf/sync.conf on both modules. The file should
contain the name or IP of the peer module
2. Run 'fwstop' on both modules
3. Run 'fw putkey -n <local module ip address> <remote module ip address>'
on both modules
4. Run 'fwstart' on both modules
-----------end---------------------

One thing that helps is to have the firewall modules connected on a
separate/private network.  I have my two firewall modules and my management
module connected over a private (10.x.x.x) network and I also exchange state
information over this link.

Cheers,

Dan

-----------------------------------------------------------------------------
Daniel R. (Dan) Dunn, EE 
Principal INFOSEC Engineer, GRC Int'l (an AT&T company) 
OSD-ITD Firewall Administrator 
p:, ext 500 

The opinions expressed by the author are entirely his own, and do not
reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they
reflect policy, opinion, or endorsement by the US Department of Defense or
any of its agencies. 



>-----Original Message-----
>From: Tim Holman [mailto:[email protected]]
>Sent: Tuesday, March 27, 2001 4:58 PM
>To: Sommariva Graziano; 'Seelig, Daniel'; 'Rodrigo Borges'
>Cc: [email protected]
>Subject: Re: [FW1] Syncronyzing 2 FW-1 firewals
>
>
>
>You need it for Checkpoint HA, which includes state synchronisation.
>You can set up Nokias or whatever without the HA license, but you won't be
>able to state sync, so connections will be lost during failover.
>
>
>----- Original Message -----
>From: Sommariva Graziano <[email protected]>
>To: 'Seelig, Daniel' <[email protected]>; 'Rodrigo Borges'
><[email protected]>
>Cc: <[email protected]>
>Sent: 26 March 2001 15:25
>Subject: [FW1] Syncronyzing 2 FW-1 firewals
>
>
>>
>> Is it mandatory to buy HA licence to synchronize to FW-1?
>>
>> Best Regards,
>>
>>
>> Graziano Sommariva
>> *Phone:.
>> *E-Mail: [email protected]
>>
>> Network Manager
>> TLC - Telecomunicazioni
>> SSC - Service Unit Servizi Continuativi
>> Elsag S.p.A.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
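
A pre-flight check for step 1 of the procedure above, combined with the suggestion to carry state over a private link. This is an added example, not code from Check Point or from the posters. It assumes sync.conf holds one peer per line (the post only says "name or IP"), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: sync.conf lists one peer per line (hostname or IPv4).

# is_ipv4 ADDR: succeed if ADDR is four decimal octets, each 0-255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_private_ipv4 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0 ;;
    esac
    return 1
}

# check_sync_conf FILE
# Returns 0 if every peer is acceptable, 1 if the file is missing or lists no
# peer, 2 on a malformed entry, 3 if a peer IP is outside the private ranges.
check_sync_conf() {
    conf=$1
    [ -s "$conf" ] || { echo "missing or empty: $conf" >&2; return 1; }
    peers=0 status=0
    while IFS= read -r line || [ -n "$line" ]; do
        peer=$(echo "$line" | tr -d ' \t\r')
        [ -n "$peer" ] || continue
        peers=$((peers + 1))
        case "$peer" in
            *[!0-9.]*)   # has a non-digit: hostname (address cannot be judged here)
                echo "$peer" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' ||
                    { echo "bad hostname: $peer" >&2; return 2; } ;;
            *)           # digits and dots only: must be a valid IPv4 address
                is_ipv4 "$peer" || { echo "bad IPv4 address: $peer" >&2; return 2; }
                is_private_ipv4 "$peer" ||
                    { echo "peer $peer is not RFC 1918 private" >&2; status=3; } ;;
        esac
    done < "$conf"
    [ "$peers" -gt 0 ] || { echo "no peer listed in $conf" >&2; return 1; }
    return "$status"
}
if [ $# -gt 0 ]; then check_sync_conf "$1"; fi
```

Run it on each module with the path to its sync.conf before the 'fwstop' step; a hostname entry passes the syntax check only, so confirm separately that it resolves to the private interface.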



 
   All contents © 2004 Network Presence, LLC. All rights reserved.