Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Changing firewall object IP address

To: [email protected]
Subject: [FW-1] Changing firewall object IP address
From: "Hawkins, Michael" <[email protected]>
Date: Mon, 5 Nov 2001 10:03:17 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello Checkpoint world,

We have a Checkpoint 4.0 Stonebeat HA unit containing two firewalls.

The original people who put it together used a particularly weird
configuration that has the firewall objects IP addresses set to the
heartbeat interface IP address between the two firewalls.

Apart from being the wrong way to do it, this configuration makes it
impossible to view the logs from a managment workstation inside our network.
The only place you can get to the logs is a machine actually on the
heartbeat network.

So now we want to change the IP address of the firewall objects to arped
inside addresses. Stonebeat switches the inside IP from one firewall to the
other. So I intend to ARP two new addresses on the inside interfaces.

Those new addresses will become the new IP addresses for the firewall
objects in Firewall-1.

Will this work? Am I missing something that would need to be done in
addition? I only ask because these firewalls are very production sensitive
so I appreciate anyones comments on my design change idea.

Also, these firewalls have VPN's going out to several sites. Will changing
the firewall objects necessitate refreshing keys or not? I don't think I
need to refresh keys but I'm not sure.

Guess I should go do that Firewall-1 training right?

Thanks in advance,

Mike H


<<Disclaimer>>

This electronic mail is intended only for the use of the addressee(s) named
herein. Unless otherwise specifically stated, the views contained and
expressed in this electronic mail are strictly those of the individual
sender and are not the views of the Company or any of its Directors or other
employees. If you are not the intended recipient of this electronic mail,
you are hereby notified that any dissemination, distribution or coping of
this electronic mail is strictly prohibited. If you received this electronic
mail in error please immediately notify us by return electronic mail and
delete this electronic mail from your system.

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1] Changing firewall object IP address
  - From: Patrick Lotti <[email protected]>

Prev by Date: Re: [FW-1] virtuel ip address on sun 2.6 hardened built
Next by Date: Re: [FW-1] Error opening Lotus Notes databases
Previous by thread: Re: [FW-1] Error opening Lotus Notes databases
Next by thread: Re: [FW-1] Changing firewall object IP address
Index(es):
- Date
- Thread