NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] HA in Nokia boxes with NG FP2

  • To: [email protected]
  • Subject: Re: [FW-1] HA in Nokia boxes with NG FP2
  • From: "Roelandts, Guy" <[email protected]>
  • Date: Mon, 8 Jul 2002 17:03:08 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcImjy6HmaFn24czSSyVQqZOPTYT/QAARduw
  • Thread-topic: Re: [FW-1] HA in Nokia boxes with NG FP2
Michel,

    I think you are wrong, I know VRRP is not a CheckPoint function.

    But to enable the new state synchronization to work, for OPSEC
 products like VRRP - StoneBeat - RainWall ..., you have to choose to
 enable/configure High Availability.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Compaq BeLux - now part of the New HP
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================


-----Original Message-----
From: Messier, Michel [mailto:[email protected]]
Sent: 08 July 2002 16:29
To: [email protected]
Subject: Re: [FW-1] HA in Nokia boxes with NG FP2


I believe that VRRP is a Nokia function and not a CheckPoint one. Therefore,
no clustering product (that you would have to license anyway...) from
CheckPoint should be selected. So you should answer no.

Your rulebase has to allow the traffic between the modules for state
synchronisation.

HTH,
Michel

-----Message d'origine-----
De : Carlos Infante [mailto:[email protected]]
Envoyé : 8 juillet, 2002 09:06
À : [email protected]
Objet : [FW-1] HA in Nokia boxes with NG FP2


Hi all,
 When configuring the fw modules, NG FP2,  for first time or when
running cpconfig you have to choose three options,



"Scanning for unknown interfaces...
Would you like to install a Check Point clustering product (CPHA, CPLS
or State Synchronization)? (y/n) [y] ? n
IP forwarding disabled
Hardening OS Security: IP forwarding will be disabled during boot.
Generating default filter
Default Filter installed
Hardening OS Security: Default Filter will be applied during boot.
This program will guide you through several steps where you
will define your VPN-1 & FireWall-1 configuration.
At any later time, you can reconfigure these parameters by
running cpconfig"



If you want to run VRRP in Nokia Boxes , but you want to have the
firewalls databases synchronized which option should I select?  In
Checkpoint Firewall-1 document this step in the cpconfig menu refers to
Cluster XL, but according to above document ClusterXL runs in all
platforms but Nokia.

How does Nokia perform this synchronization in NG?
Is similar to 4.1? (You must edit sync.conf  and add the IP of the peer
firewall) If yes, should I ignore the above message and type NO in the
Install Clustering Product menu?

Thanks in Advance

    Carlos Infante

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.