Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] FW Architecture Advise

To: Sheik Abdulla <[email protected]>
Subject: Re: [FW1] FW Architecture Advise
From: Chris H <[email protected]>
Date: Wed, 12 Sep 2001 11:49:24 -0700 (PDT)
Cc: [email protected]
In-reply-to: <[email protected]>
Sender: [email protected]

sheik
Can you further describe why would I need to keep my
current FW address for my virtual IP?  Since my global
FW/VPNs communicate with my management station isn't
the MGT station more important to keep the same?

Thanks
Chris
--- Sheik Abdulla <[email protected]> wrote:
> Hi Chris,
> 
> You need to keep your existing FW IP, 192.168.1.1 as
> Virtual IP for HA for
> both boxes. You need to configure this Gateway
> cluster in SEP mode.
> Individual Nokia boxes will have different IP
> addresses of the same subnet,
> e.g., 192.168.1.3 & 4. Whereas you have to have your
> management station
> separately with another IP address, e.g.,
> 192.168.1.5.  (Your router is
> 192.168.1.2, as you said).
> 
> You need to mention the mangement station address in
> both boxes.  For
> further clarification go through
> http://support.checkpoint.com
> 
> regards,
> sheik
> [email protected]
> 
> 
> ----- Original Message -----
> From: "Chris H" <[email protected]>
> To: <[email protected]>
> Sent: Tuesday, September 11, 2001 5:58 AM
> Subject: [FW1] FW Architecture Advise
> 
> 
> 
> I have an enterprise FW/VPN and management module
> installed on the same server in a large production
> environment.  This box controls and runs over 12
> FW/VPN modules around the world.  Most offices have
> no
> IS support (i.e. no hands to help make changes.)  I
> am
> changing the enterprise FW/VPN management server
> from
> an NT server to 2 Nokia 440's in an HA
> configuration.
> The advise I need is:
> Since I have all of those FW/VPN boxes running VPNs
> with and looking at my FW's managment modules
> current
> IP address, lets say it is 198.6.1.1, and my router
> (connection to the internet) is setup as 198.6.1.2
> what is the easiest way to setup my Nokia's in HA
> without having to change my FW/VPNs around the
> world.
> My first thought:
> Setup the Nokia's as say 198.6.1.3 and leave my
> management server setup as 198.6.1.1  This would
> allow
> the management module to continue communicating with
> my remote FW/VPN boxes.  However this leaves my
> management server sitting exposed to the internet
> with
> just a router access list to protect it.
> Any help is appreciated
> Thanks
> Chris
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant
> messaging with Yahoo! Messenger
> http://im.yahoo.com
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> 


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] FW Architecture Advise
  - From: Sheik Abdulla <[email protected]>

Prev by Date: [FW1] Firewall-1 Hangup
Next by Date: RE: [FW1] license problem...
Previous by thread: Re: [FW1] FW Architecture Advise
Next by thread: Re: [FW1] FW Architecture Advise
Index(es):
- Date
- Thread