Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] FW Architecture Advise

To: Chris H <[email protected]>
Subject: Re: [FW1] FW Architecture Advise
From: Sheik Abdulla <[email protected]>
Date: Wed, 12 Sep 2001 11:52:47 +0800
Cc: [email protected]
References: <[email protected]>
Sender: [email protected]

Hi Chris,

You need to keep your existing FW IP, 192.168.1.1 as Virtual IP for HA for
both boxes. You need to configure this Gateway cluster in SEP mode.
Individual Nokia boxes will have different IP addresses of the same subnet,
e.g., 192.168.1.3 & 4. Whereas you have to have your management station
separately with another IP address, e.g., 192.168.1.5.  (Your router is
192.168.1.2, as you said).

You need to mention the mangement station address in both boxes.  For
further clarification go through http://support.checkpoint.com

regards,
sheik
[email protected]


----- Original Message -----
From: "Chris H" <[email protected]>
To: <[email protected]>
Sent: Tuesday, September 11, 2001 5:58 AM
Subject: [FW1] FW Architecture Advise



I have an enterprise FW/VPN and management module
installed on the same server in a large production
environment.  This box controls and runs over 12
FW/VPN modules around the world.  Most offices have no
IS support (i.e. no hands to help make changes.)  I am
changing the enterprise FW/VPN management server from
an NT server to 2 Nokia 440's in an HA configuration.
The advise I need is:
Since I have all of those FW/VPN boxes running VPNs
with and looking at my FW's managment modules current
IP address, lets say it is 198.6.1.1, and my router
(connection to the internet) is setup as 198.6.1.2
what is the easiest way to setup my Nokia's in HA
without having to change my FW/VPNs around the world.
My first thought:
Setup the Nokia's as say 198.6.1.3 and leave my
management server setup as 198.6.1.1  This would allow
the management module to continue communicating with
my remote FW/VPN boxes.  However this leaves my
management server sitting exposed to the internet with
just a router access list to protect it.
Any help is appreciated
Thanks
Chris


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] FW Architecture Advise
  - From: Chris H <[email protected]>
- Re: [FW1] FW Architecture Advise
  - From: Chris H <[email protected]>

References:
- [FW1] FW Architecture Advise
  - From: Chris H <[email protected]>

Prev by Date: [FW1] question about 4.1 SP4 "new feature"
Next by Date: [FW1] sendmail on DMZ
Previous by thread: [FW1] FW Architecture Advise
Next by thread: Re: [FW1] FW Architecture Advise
Index(es):
- Date
- Thread