[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Firewall Management HA Setup

To: [email protected]
Subject: Re: [FW-1] Firewall Management HA Setup
From: Matthias Leu <[email protected]>
Date: Wed, 20 Nov 2002 19:21:41 +0100
Organization: AERAsec Network Services and Security GmbH
References: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.0) Gecko/20020530

Hi Yim,
first of all you will need a license for this feature. Then, the
Managements have to be installed on separate machines, without Firewall.
Then, it works quite fine.

The configuration is like
- Install Management on a separate machine selecting "secondary
management server"
- Copy from $FWDIR/conf/ from primrary to secondary management:
   internalCa.p12
   internalCA.NDB*
   internalCA.crl
   ICA.crl
- On the primary Management define the secondary as a Check Point, Host,
and select as installed product "secondary Management".
- Set up SIC with AuthPasswords
- Install/save the rulebase
- To synchronize select Policy, Management HA, Peer Status
   Then select synchronize
- Define the secondary Management as Master of your Firewalls, too.

You can synchronize manually or automatically then. And, it doens't
matter, which Management you use. But, you will need two machines
without Firewall installed - just the Management. If you can't separate,
maybe a backup by script will do also.

Hope it helps,
best regards,
Matthias
http://www.fw-1.de

Yim Lee wrote:
> I have a pair of Nokia 530 doing firewall management
> and gateway.  Currently, I have the Nokia in a
> primary/standby mode and sync all the changes from the
> primary to the standby each night.  I would like to
> move both boxes to a VRRP HA pair.  My question is how
> do I get the management stuff sync up between the two
> boxes if both firewalls are up and running?  Anyone is
> doing this?  Your comments are appricated.
>
> Yim


--
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Firewall Management HA Setup
  - From: Yim Lee <[email protected]>

References:
- [FW-1] Firewall Management HA Setup
  - From: Yim Lee <[email protected]>

Prev by Date: Re: [FW-1] Checkpoint/Nokia developing a Intel OS?
Next by Date: Re: [FW-1] VPN between NG FP3 and Cisco 3030 VPN concentrator
Prev by thread: [FW-1] Firewall Management HA Setup
Next by thread: Re: [FW-1] Firewall Management HA Setup
Index(es):
- Date
- Thread