| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Problem with HA/Sync Modul on NG
- To: [email protected]
- Subject: Re: [FW-1] Problem with HA/Sync Modul on NG
- From: Arnor Arnason <[email protected]>
- Date: Thu, 21 Mar 2002 21:31:57 -0000
- Comments: cc: [email protected]
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcHLfefX4MzOdAA7R4CMWGh4fM5dIgFoU78A
- Thread-topic: [FW-1] Problem with HA/Sync Modul on NG
According to Secureknowledge Solution skI2694 :
How to configure synchronization in FireWall-1 NG?
Solution ID: skI2694
Creation Date: 05/13/2001
Revised Date: 11/30/2001
Solution:
The default synchronization method in VPN-1/FireWall-1 NG is the new sync (UDP port 8116). It can be easily configured via the GUI as follows:
1. Create a Gateway cluster object.
2. Define the VPN-1/FireWall-1 NG modules that are included in the cluster.
3. In the Synchronization tab of the Gateway Cluster Properties window define the secured network.
The old sync method is enabled using the old method: by writing the IP of the peer VPN-1/FireWall-1 module to the $FWDIR/conf/sync.conf file on each module and running putkey between the VPN-1/FireWall-1 modules and the Management module.
You also have to go into cpconfig and enable HA/State Sync on both modules.
Regards,
Arnor Arnason
-----Original Message-----
From: Martin Christen [mailto:[email protected]]
Sent: 14. mars 2002 17:21
To: [email protected]
Subject: [FW-1] Problem with HA/Sync Modul on NG
Hello
We use 2NG's on two Solaris 8 environment in a HA configuration.
If we start the HA-Sync Module then the firewall send hudge number of
broadcasts on UDP port 8116 with a MAC-Address like FE:1 to all the
connected networks. In 4.1 we can reduce this traffic to interfaces in the
sync.conf. But the NG does not support the sync.conf anymore. Is there a
possiblity to configure the system to use one specific sync-link?
Regards
Martin
__________________________________http://www.clounet.ch
Martin Christen
NMS/Security Consultant
Phone: +41(0)31 950 55 83 ClouNet AG
Fax: +41(0)31 950 55 90 Ammannstrasse 1
[email protected] CH-3074 Muri b. Bern
________________________________________________________
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
