Re: [FW1] Syncronyzing 2 FW-1 firewals
I want to try and clear this up!

Can 2 SINGLE GATEWAY LICENSE Checkpoint Firewalls perform state sync?

I was under the impression that the single gateway solution would only properly license a standalone solution, and that any interoperability with other firewall products would be disabled.

I'm probably digging myself a deeper hole, but for the sake and pursuit of trivia, it's well worth it!

Tim

----- Original Message -----
From: Dunn, Daniel, CTR, OSD-ATL <[email protected]>
To: 'Tim Holman' <[email protected]>; 'Sommariva Graziano' <[email protected]>; 'Seelig, Daniel' <[email protected]>; 'Rodrigo Borges' <[email protected]>
Cc: <[email protected]>
Sent: 28 March 2001 12:07
Subject: RE: [FW1] Syncronyzing 2 FW-1 firewals

> This is not entirely correct. You CAN state synchronize without running the
> HA module. Here is what Check Point sent me:
>
> ------------start------------------
> How to set up synchronization between two FireWalls
>
> Fact: FireWall-1 4.0
> Fact: Sun Solaris Sparc
> Fact: Windows NT Server 4.0
>
> Fix: Do the following:
>
> 1. Create a file $FWDIR/conf/sync.conf on both modules. The file should
>    contain the name or IP of the peer module
> 2. Run 'fwstop' on both modules
> 3. Run 'fw putkey -n <local module ip address> <remote module ip address>'
>    on both modules
> 4. Run 'fwstart' on both modules
> -----------end--------------------
>
> One thing that helps is to have the firewall modules connected on a
> separate/private network. I have my two firewall modules and my management
> module connected over a private (10.x.x.x) network and I also exchange state
> information over this link.
>
> Cheers,
>
> Dan
>
> -----------------------------------------------------------------------------
> Daniel R. (Dan) Dunn, EE
> Principal INFOSEC Engineer, GRC Int'l (an AT&T company)
> OSD-ITD Firewall Administrator
> p:, ext 500
>
> The opinions expressed by the author are entirely his own, and do not
> reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they
> reflect policy, opinion, or endorsement by the US Department of Defense or
> any of its agencies.
>
> >-----Original Message-----
> >From: Tim Holman [mailto:[email protected]]
> >Sent: Tuesday, March 27, 2001 4:58 PM
> >To: Sommariva Graziano; 'Seelig, Daniel'; 'Rodrigo Borges'
> >Cc: [email protected]
> >Subject: Re: [FW1] Syncronyzing 2 FW-1 firewals
> >
> >You need it for Checkpoint HA, which includes state synchronisation.
> >You can set up Nokias or whatever without the HA license, but you won't be
> >able to state sync, so connections will be lost during failover.
> >
> >----- Original Message -----
> >From: Sommariva Graziano <[email protected]>
> >To: 'Seelig, Daniel' <[email protected]>; 'Rodrigo Borges' <[email protected]>
> >Cc: <[email protected]>
> >Sent: 26 March 2001 15:25
> >Subject: [FW1] Syncronyzing 2 FW-1 firewals
> >
> >> Is it mandatory to buy HA licence to synchronize to FW-1?
> >>
> >> Best Regards,
> >>
> >> Graziano Sommariva
> >> *Phone:.
> >> *E-Mail: [email protected]
> >>
> >> Network Manager
> >> TLC - Telecomunicazioni
> >> SSC - Service Unit Servizi Continuativi
> >> Elsag S.p.A.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================