[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Firewall Management HA Setup
Matthias, thanks for your reply. Forgot to mention
that I am still in 4.1. Can I do this with 4.1?
Yim
--- Matthias Leu <[email protected]> wrote:
> Hi Yim,
> first of all you will need a license for this
> feature. Then, the
> Managements have to be installed on separate
> machines, without Firewall.
> Then, it works quite fine.
>
> The configuration is like
> - Install Management on a separate machine selecting
> "secondary
> management server"
> - Copy from $FWDIR/conf/ from primrary to secondary
> management:
> internalCa.p12
> internalCA.NDB*
> internalCA.crl
> ICA.crl
> - On the primary Management define the secondary as
> a Check Point, Host,
> and select as installed product "secondary
> Management".
> - Set up SIC with AuthPasswords
> - Install/save the rulebase
> - To synchronize select Policy, Management HA, Peer
> Status
> Then select synchronize
> - Define the secondary Management as Master of your
> Firewalls, too.
>
> You can synchronize manually or automatically then.
> And, it doens't
> matter, which Management you use. But, you will need
> two machines
> without Firewall installed - just the Management. If
> you can't separate,
> maybe a backup by script will do also.
>
> Hope it helps,
> best regards,
> Matthias
> http://www.fw-1.de
>
> Yim Lee wrote:
> > I have a pair of Nokia 530 doing firewall
> management
> > and gateway. Currently, I have the Nokia in a
> > primary/standby mode and sync all the changes from
> the
> > primary to the standby each night. I would like
> to
> > move both boxes to a VRRP HA pair. My question is
> how
> > do I get the management stuff sync up between the
> two
> > boxes if both firewalls are up and running?
> Anyone is
> > doing this? Your comments are appricated.
> >
> > Yim
>
>
> --
> AERAsec Network Services and Security GmbH
> Wagenberger Strasse 1
> D-85662 Hohenbrunn, Germany
> http://www.aerasec.de
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================