Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Firewalls in HA configuration

To: [email protected]
Subject: Re: [FW1] Firewalls in HA configuration
From: derekp <[email protected]>
Date: Wed, 30 May 2001 16:24:04 +0100 (BST)
Cc: [email protected]
Reply-to: derekp <[email protected]>
Sender: [email protected]

HI James,

The systems behind the firewalls do have their default route set to the shared
HA IP address. There are no internal routers currently.

The problem can sometimes be resolved by failing over the firewalls twice which,
therefore, returns the Primary Firewall back into standby mode.  When this is
successful only the active frewall can ping. telnet etc the systems on its HA
networks. The Primary firewall in standby mode cannot, as expected.

Have you seen similar behaviour before?

Regards

Derek

>From: [email protected]
>X-Lotus-FromDomain: RSH
>To: derekp <[email protected]>
>cc: [email protected]
>Date: Wed, 30 May 2001 08:56:57 -0500
>Subject: Re: [FW1] Firewalls in HA configuration
>Mime-Version: 1.0
>Content-Disposition: inline
>
>
>
>Derek:
>
>     What IP address do you have your internal routers pointing to for outbound
>traffic? Do you have it pointing to the "virtual" IP address that both the
>primary and standby FWs share?
>
>
>|--------+-------------------------->
>|        |          derekp          |
>|        |          <derekp@openansw|
>|        |          ers.co.uk>      |
>|        |                          |
>|        |          05/29/2001 06:34|
>|        |          AM              |
>|        |          Please respond  |
>|        |          to derekp       |
>|        |                          |
>|--------+-------------------------->
>  
>----------------------------------------------------------------------------|
>  |                                                                            
|
>  |       To:     [email protected]                 
|
>  |       cc:     (bcc: James E Clukey/Rush/RSH)                               
|
>  |       Subject:     [FW1] Firewalls in HA configuration                     
|
>  
>----------------------------------------------------------------------------|
>
>
>
>
>
>
>Hi,
>
>Has anyone ever exprienced the following issue?
>
>I have set up a pair of Solaris 7 CheckPoint v4.1 Firewall systems in a HA
>'active-up' configuration. During testing, we found that if the Primary 
Firewall
>(or system with lowest Priority number) is in standby mode, then it is still
>actually able to communicate with the networks that should only really be
>accessible via the active Firewall system.
>
>This behaviour causes problems for systems attempting to communicate with the
>active firewall as the standby firewall intercepts and responds.
>
>Any help hints or info would be greatly appreciated.
>
>Thanks for your time,
>
>Regards
>
>Derek Plentie
>
>
>
>===============================================================================
=
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>===============================================================================
=
>
>
>
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] SecuRemote and Personal Firewalls
Next by Date: [FW1] WebSite being Hacked!!!
Previous by thread: Re: [FW1] Firewalls in HA configuration
Next by thread: [FW1] VRRPv.2 and Monitored Circuit
Index(es):
- Date
- Thread