|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW Architecture Advise
I understand the IP addressing, however I can pick any IP addresses I like because I have 2 class Cs to choose from. The hurdle as I see it is that my nearly dozen FW modules that are around the world see the existing FW address as the MGT station address. Therefore by changing the mgt station IP to something else I must alter all FWs around the world to look at a different master. That is my dilemma. I have no one in many of the offices that will be able to make changes. Thanks Chris --- Sheik Abdulla <[email protected]> wrote: > > Hi Chris, > > You need to keep your existing FW IP, 192.168.1.1 as > Virtual IP for HA for > both boxes. You need to configure this Gateway > cluster in SEP mode. > Individual Nokia boxes will have different IP > addresses of the same subnet, > e.g., 192.168.1.3 & 4. Whereas you have to have your > management station > separately with another IP address, e.g., > 192.168.1.5. (Your router is > 192.168.1.2, as you said). > > You need to mention the mangement station address in > both boxes. For > further clarification go through > http://support.checkpoint.com > > regards, > sheik > [email protected] > > > ----- Original Message ----- > From: "Chris H" <[email protected]> > To: <[email protected]> > Sent: Tuesday, September 11, 2001 5:58 AM > Subject: [FW1] FW Architecture Advise > > > > I have an enterprise FW/VPN and management module > installed on the same server in a large production > environment. This box controls and runs over 12 > FW/VPN modules around the world. Most offices have > no > IS support (i.e. no hands to help make changes.) I > am > changing the enterprise FW/VPN management server > from > an NT server to 2 Nokia 440's in an HA > configuration. > The advise I need is: > Since I have all of those FW/VPN boxes running VPNs > with and looking at my FW's managment modules > current > IP address, lets say it is 198.6.1.1, and my router > (connection to the internet) is setup as 198.6.1.2 > what is the easiest way to setup my Nokia's in HA > without having to change my FW/VPNs around the > world. > My first thought: > Setup the Nokia's as say 198.6.1.3 and leave my > management server setup as 198.6.1.1 This would > allow > the management module to continue communicating with > my remote FW/VPN boxes. However this leaves my > management server sitting exposed to the internet > with > just a router access list to protect it. > Any help is appreciated > Thanks > Chris > > > __________________________________________________ > Do You Yahoo!? > Get email alerts & NEW webcam video instant > messaging with Yahoo! Messenger > http://im.yahoo.com > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ > __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
