[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SecureClient IKE Key Exchange
Hello. Have a question about FW-I 4.1 and SecureClient. I'm trying to figure out exactly what determines the IP address to which the IKE key exchange is attempted. In our case, there are two firewalls (A and B), one of which is a cold spare. We've been using firewall B as the primary ever since we deployed SecureClient a few months ago. We had to fail over to firewall A today, however, because of a hardware issue with firewall B. I used to think that the key exchange went to whatever IP address is listed in the primary firewall's 'General' tab in Policy Editor. This doesn't seem to be 100% accurate, however, as the key exchange is still trying to go to firewall B's IP address even know firewall A is now the primary. The userc.C file that is pushed to the client upon adding the site contains information about both firewalls. Firewall B seems to take precedence over firewall A, however, even know firewall A's information is listed first in userc.C. So, I'm wondering if there's a setting somewhere that I'm not aware of that dictates which listed firewall in userc.C takes precedence. Anyone know? All help is apprecitated. Thanks, Tim __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|