[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW Architecture Advise
sheik Can you further describe why would I need to keep my current FW address for my virtual IP? Since my global FW/VPNs communicate with my management station isn't the MGT station more important to keep the same? Thanks Chris --- Sheik Abdulla <[email protected]> wrote: > Hi Chris, > > You need to keep your existing FW IP, 192.168.1.1 as > Virtual IP for HA for > both boxes. You need to configure this Gateway > cluster in SEP mode. > Individual Nokia boxes will have different IP > addresses of the same subnet, > e.g., 192.168.1.3 & 4. Whereas you have to have your > management station > separately with another IP address, e.g., > 192.168.1.5. (Your router is > 192.168.1.2, as you said). > > You need to mention the mangement station address in > both boxes. For > further clarification go through > http://support.checkpoint.com > > regards, > sheik > [email protected] > > > ----- Original Message ----- > From: "Chris H" <[email protected]> > To: <[email protected]> > Sent: Tuesday, September 11, 2001 5:58 AM > Subject: [FW1] FW Architecture Advise > > > > I have an enterprise FW/VPN and management module > installed on the same server in a large production > environment. This box controls and runs over 12 > FW/VPN modules around the world. Most offices have > no > IS support (i.e. no hands to help make changes.) I > am > changing the enterprise FW/VPN management server > from > an NT server to 2 Nokia 440's in an HA > configuration. > The advise I need is: > Since I have all of those FW/VPN boxes running VPNs > with and looking at my FW's managment modules > current > IP address, lets say it is 198.6.1.1, and my router > (connection to the internet) is setup as 198.6.1.2 > what is the easiest way to setup my Nokia's in HA > without having to change my FW/VPNs around the > world. > My first thought: > Setup the Nokia's as say 198.6.1.3 and leave my > management server setup as 198.6.1.1 This would > allow > the management module to continue communicating with > my remote FW/VPN boxes. However this leaves my > management server sitting exposed to the internet > with > just a router access list to protect it. > Any help is appreciated > Thanks > Chris > > > __________________________________________________ > Do You Yahoo!? > Get email alerts & NEW webcam video instant > messaging with Yahoo! Messenger > http://im.yahoo.com > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|