[FW-1] Advice: Routing with 2 node Stonebeat FW-1 cluster: moving interfaces

[Eric Appelboom <eric@FW1-NOSPAMMWEB.COM>]

Title: Message

Help with Routing with 2 node Stonebeat FW-1 cluster

 

I would like to route traffic that was destined to protected networks of interfaces SBIF0->6 to interface SBIF7 with static routes to a Cisco router behind the interface.

The router will be configured with the gateway ip address\networks of the previous 7 sbif interfaces with SBIF7 defined as its default gateway.

If I put the 7 interfaces down, bind ip network to router, would it listen to my static routes for all the networks and route traffic out via SBIF7 to the router?

 

If this was a standalone Solaris box I am sure it would work fine but my only confusion is how stonebeat\fw-1 would route.

 

Would I have to kill all the sbifx:0 defined virtual operational interfaces with multicast mac's on the first 7 interfaces? (with sbfcconfig tool) or could I shut them so I could rollback.(interfaces would be down)

Would I have to remove the 7 sbif interfaces defined in the fw-1 policy editor for the fw-1 nodes? OR would fw-1 ignore them because interfaces are down and apply the static routes? (ipspoofing removed)

If so how would I have add all thes networks in the fw policy editor on the fw-1 object, is there a character as the network seperator?

I recall that I would only have to do this if the network was directly connected which they they are not. (besides SBIF7 net)

 

Thanx

Eric

*** Disclaimer: The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, you must not read, forward, print, use or disseminate the information contained in the email. Any representations (contractual or otherwise), views or opinions presented are solely those of the author and do not necessarily represent those of the employer or any of its affiliates.