[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] VPN with a cluster
Yes, you are correct. Since it shows the physical IP, you can tell which physical firewall the session traverses and so can tell if there was a failover. It works pretty well. It would just be nice if the firewall generated a message that a failover happened without having to figure it out by looking at the IPs in the log. Donna Jeff LaCoursiere <[email protected]> @beethoven.us.checkpoint.com> on 02-06-2002 12:37:19 PM Please respond to Mailing list for discussion of Firewall-1 <[email protected]> Sent by: Mailing list for discussion of Firewall-1 <[email protected]> To: [email protected] cc: Subject: Re: [FW-1] VPN with a cluster Excellent. Thanks for the confirmation. Out of curiosity... I assume that the logs then show by physical IP which firewall the sessions actually traversed? So if there was a failover you would know it from the logs? Thanks! j -----Original Message----- From: Donna O'Connell [mailto:[email protected]] Sent: Wednesday, February 06, 2002 3:39 PM To: [email protected] Subject: Re: [FW-1] VPN with a cluster We have a checkpoint cluster with VPN and the remote end has the address of the cluster. With the checkpoint SP5 the default is to NAT the gateways to the cluster address. This is done in the objects.C file :IPsec_cluster_nat (true) However, it is misleading in the fw log because the log only shows the address of the physicall interface. A snoop on the external interface does show that the cluster address is what is being sent out. Good Luck, Donna ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|