NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Cluster Gateway definition

Thank you, but I need more, can't find anything in the notes, take this VRRPmc 
example.

Each fw has 6 virtual ip's which means creating 6 Gateway Clusters, each 
interface has two virtual IP for load sharing.  How does one make the firewall 
a member of all these 6 clusters(imposible). In theory this design is sound, I 
just can't get it right on the rulebase, how do I create these gw clusters.  
The fwclean is connected to the Internal network. fwnet connects to the 
internet and fwdmz is connected to the DMZ.

 


	|fwnet						|fwnet2
______________				______|________
|		|  fwclean1		fwclean2|		|
|		|----- ---			_______|		|
|		|				|		|
|_____________|				|____________ |
	|fwdmz1						|fwdmz2
	|						|

fwnet1						fwnet2
ip 10.0.0.1 (real IP)				ip 10.0.0.2
	vr1 10.0.0.3	priority=50			vr1 10.0.0.4 p=50
	vr2 10.0.0.4	priority=40			vr2 10.0.0.3 p=40
fwclean1					fwclean1
 ip  192.168.0.1					ip  192.168.0.2
	vr3  192.168.0.3  priority=50			vr4  192.168.0.4 p=50
	vr4   192.168.0.4 priority=40			vr3  192.168.0.3 p=40
fwdmz1						fwdmz1
ip  172.134.0.1					ip  172.134.0.2
	vr5  172.134.0.3  priority=50			vr6  172.134.0.4  p=50
	vr6  172.134.0.4  priority=40			vr5  172.134.0.3  p=40


Should I Create the Cluster Gateways (CGr1, CGr2....CGr6) objects as a 
workstation using the six virtual IP’s (vr1,vr2...vr6) for each firewall. ??
or Instead of creating (CGr1….CGr6) as above, should I just create (CGr1  & 
CGr2) and defined with all the virtual IP addresses of both firewalls. 

in this example the second option of defining CGr1, CGr2....CGr6 means I have 
to install on six cluster gateways, is this the way?

in this design the devices can use any of the two virtual IP as their default 
gateway.




-- 
Get your firstname@lastname email for FREE at http://Nameplanet.com/?su


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.