RE: [FW1] Syncronyzing 2 FW-1 firewals
Correct. I've been running synchronized firewalls since version 3.0b, in a design similar to the one at http://www.hanetworks.com/networks/ospf/, without using any HA package (using OSPF routing to handle failover instead).

Hope this helps.

Jason

At 07:07 AM 3/28/01 -0500, Dunn, Daniel, CTR, OSD-ATL wrote:
>
>This is not entirely correct. You CAN state synchronize without running the
>HA module. Here is what Check Point sent me:
>
>------------start------------------
>How to set up synchronization between two FireWalls
>
>Fact: FireWall-1 4.0
>Fact: Sun Solaris Sparc
>Fact: Windows NT Server 4.0
>
>
>Fix: Do the following:
>
>1. Create a file $FWDIR/conf/sync.conf on both modules. The file should
>contain the name or IP of the peer module
>2. Run 'fwstop' on both modules
>3. Run 'fw putkey -n <local module ip address> <remote module ip address>'
>on both modules
>4. Run 'fwstart' on both modules
>-----------end---------------------
>
>One thing that helps is to have the firewall modules connected on a
>separate/private network. I have my two firewall modules and my management
>module connected over a private (10.x.x.x) network and I also exchange state
>information over this link.
>
>Cheers,
>
>Dan
>
>-----------------------------------------------------------------------------
>Daniel R. (Dan) Dunn, EE
>Principal INFOSEC Engineer, GRC Int'l (an AT&T company)
>OSD-ITD Firewall Administrator
>p:, ext 500
>
>The opinions expressed by the author are entirely his own, and do not
>reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they
>reflect policy, opinion, or endorsement by the US Department of Defense or
>any of its agencies.
>
>
>
>>-----Original Message-----
>>From: Tim Holman [mailto:[email protected]]
>>Sent: Tuesday, March 27, 2001 4:58 PM
>>To: Sommariva Graziano; 'Seelig, Daniel'; 'Rodrigo Borges'
>>Cc: [email protected]
>>Subject: Re: [FW1] Syncronyzing 2 FW-1 firewals
>>
>>
>>
>>You need it for Checkpoint HA, which includes state synchronisation.
>>You can set up Nokias or whatever without the HA license, but
>>you won't be
>>able to state sync, so connections will be lost during failover.
>>
>>
>>----- Original Message -----
>>From: Sommariva Graziano <[email protected]>
>>To: 'Seelig, Daniel' <[email protected]>; 'Rodrigo Borges'
>><[email protected]>
>>Cc: <[email protected]>
>>Sent: 26 March 2001 15:25
>>Subject: [FW1] Syncronyzing 2 FW-1 firewals
>>
>>
>>>
>>> Is it mandatory to buy HA licence to synchronize to FW-1?
>>>
>>> Best Regards,
>>>
>>>
>>> Graziano Sommariva
>>> *Phone:.
>>> *E-Mail: [email protected]
>>>
>>> Network Manager
>>> TLC - Telecomunicazioni
>>> SSC - Service Unit Servizi Continuativi
>>> Elsag S.p.A.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
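
A pre-flight check for step 1 of the procedure quoted in the message above, added here as an example (it is not from any poster in this thread or from Check Point). It verifies that sync.conf names the peer rather than the local module, and flags a peer IP outside the private ranges suggested in the quoted reply. It assumes sync.conf holds one peer entry per line; `check_sync_conf`, its verdict words and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example: check $FWDIR/conf/sync.conf before running fwstop/fwstart.
# Assumption: the file holds the peer's name or IP, one entry per line.

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _old=$IFS; IFS=.; set -- $1; IFS=$_old
    for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
}

# is_private ADDR: succeed for RFC 1918 ranges (10/8, 172.16/12, 192.168/16).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_sync_conf FILE LOCAL_IP: print one verdict word.
#   missing - file absent, unreadable, or without any entry
#   self    - entry is this module's own address (it should name the peer)
#   public  - peer is a non-RFC 1918 IP, so state sync would not stay on a private link
#   ok      - peer is a hostname or a private IP
check_sync_conf() {
    [ -r "$1" ] || { echo missing; return 1; }
    _peer=$(grep -v '^[[:space:]]*$' "$1" | head -n 1 | tr -d '[:space:]')
    [ -n "$_peer" ] || { echo missing; return 1; }
    [ "$_peer" != "$2" ] || { echo self; return 1; }
    if is_ipv4 "$_peer" && ! is_private "$_peer"; then
        echo public; return 1
    fi
    echo ok
}

# Constructed sample: module 10.1.1.1 whose sync.conf names peer 10.1.1.2.
_demo=$(mktemp)
printf '10.1.1.2\n' > "$_demo"
echo "sync.conf verdict: $(check_sync_conf "$_demo" 10.1.1.1)"
rm -f "$_demo"
```

Run it on each module with that module's own address as the second argument; both sides should report `ok` before the services are stopped.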