NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN with a cluster



Yes, you are correct.  Since it shows the physical IP,  you can tell which
physical firewall the session traverses and so can tell if there was a
failover.  It works pretty well.  It would just be nice if the firewall
generated a message that a failover happened without having to figure it
out by looking at the IPs in the log.

Donna




Jeff LaCoursiere <[email protected]>
@beethoven.us.checkpoint.com> on 02-06-2002 12:37:19 PM

Please respond to Mailing list for discussion of Firewall-1
      <[email protected]>

Sent by:  Mailing list for discussion of Firewall-1
      <[email protected]>


To:   [email protected]
cc:
Subject:  Re: [FW-1] VPN with a cluster


Excellent.  Thanks for the confirmation.  Out of curiosity... I assume that
the logs then show by physical IP which firewall the sessions actually
traversed?  So if there was a failover you would know it from the logs?

Thanks!

j

-----Original Message-----
From: Donna O'Connell [mailto:[email protected]]
Sent: Wednesday, February 06, 2002 3:39 PM
To: [email protected]
Subject: Re: [FW-1] VPN with a cluster


We have a checkpoint cluster with VPN and the remote end has the address of
the cluster.  With the checkpoint SP5 the default is to NAT the gateways to
the cluster address. This is done in the objects.C file

 :IPsec_cluster_nat (true)

However, it is misleading in the fw log because the log only shows the
address of the physicall interface.  A snoop on the external interface does
show that the cluster address is what is being sent out.

Good Luck,
Donna

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.