Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Nokia and HA configuration

To: "'[email protected]'" <[email protected]>
Subject: [FW1] Nokia and HA configuration
From: "Kondisetty, Sudhir" <[email protected]>
Date: Fri, 3 Aug 2001 17:33:28 -0400
Sender: [email protected]

Hello all,

I'm setting up a two Nokia's 440's in a high availability configuration for
the first time.  I think I have most of the information down correctly, but
had a couple of questions.  I have three objects setup: Firewall Primary,
Firewall Secondary, and Firewall Cluster.

Firewall Primary - has all the physical IP Addresses for the primary
firewall
Firewall Secondary - has all the physical IP Addresses for the backup
firewall
Firewall Cluster - has the logical IP addresses

I've also set a rule at the top of my rulebase for the VRPP broadcast.

1) My question is what object do I use in my rules?  Do I use the Cluster
object, Firewall objects, or all three?

2) Do I have to enter Authentication, Encryption, etc. information for all
three objects?  Or can I do it just on the Gateway.  The documentation says
that some options should go away when I include firewalls in a cluster, but
I haven't done that yet.

3) I've configured a NIC on each firewall with IP addresses on the same
subnet and connected them with a crossover cable.  I intend that to be by
sync connection.  Where do I specify those interfaces to be the sync
connection?  Is that even necessary?

4) I connected to the Nokia box via my web browser from the internal NIC
card.  But if I point my browser to the external NIC, will I be able to
connect?  If so, is there a way to enable the browser connection only from
the internal NIC?

I apologize for my ignorance.  This configuration was sprung on me in the
last minute and I've not had time to research it properly. I've checked out
some whitepapers from CheckPoint and they seem a bit contradictory.   Any
help you can provide would be great.  I

Sudhir Kondisetty
First Consulting Group




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
Next by Date: [FW1] Why do responses take so long
Previous by thread: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
Next by thread: [FW1] Why do responses take so long
Index(es):
- Date
- Thread