Re: [FW-1] Suggestions for how to manage cold standby server.


  • To: [email protected]
  • Subject: Re: [FW-1] Suggestions for how to manage cold standby server.
  • From: Hal Dorsman <[email protected]>
  • Date: Fri, 14 Feb 2003 11:16:56 -0700
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcLUM3rSOg2yWJjeTXy/67AQXDpjKAABmR6wAAaqm2A=
  • Thread-topic: Re: [FW-1] Suggestions for how to manage cold standby server.

OK.  I got it working.  I was just doing stupid stuff getting my
motif license installed.  (God I hate it when I do stupid stuff!).
I just numbered my hme0 with 10.1.3.1 (outside of normally used range
but within our netmask).  Set up all the qfe's exactly like the
primary.  Copied everything over in conf, and all seems happy. I
can reach the secondary via the hme and run the gui's.  Now all
I need to do is test it when no one is around to complain ;)

Thanks for the suggestions.

Hal

Hal Dorsman
Network Administrator
Rocky Mountain Elk Foundation
Missoula, Montana USA
[email protected]

> -----Original Message-----
> From: Hal Dorsman
> Sent: Friday, February 14, 2003 8:12 AM
> To: [email protected]
> Subject: Re: [FW-1] Suggestions for how to manage cold standby server.
>
>
> Sorry, guess I don't explain myself well trying to be
> brief.  I only want it accessible remotely for remote
> maintenance.  Being able to back up my active config
> and push it out to my secondary so it is always updated.
> In a previous 4.1 env I was able to do this easily as
> the license was tied to the outside IP.  I just had my
> primary internal numbered 10.0.0.1, and my secondary
> was 10.1.1.1, which was on the hme0. I could back up
> and push out the primary policy to the secondary which
> had all the qfe interfaces defined exactly the same. To
> fail over, all I had to do was rename hostname.hme0 so
> that FW1 didn't try to configure it as an active IF, then
> reboot.  By the time the thing had completed the shutdown,
> I could be back in the server room and move wires.  The
> secondary would boot back up with exactly the same IF
> definition and FW configuration and we'd be up and running.
> Now, NG seems to have the license tied to the internal
> (is this an option, or new rule?).  I am having problems
> getting the license to be happy, and getting my box on
> my network so I can ssh to it and run the Policy editor to
> it.  The most logical solution I can think of is to daisy
> chain the secondary off the primary via the hme's, and
> get to it via routing through my primary.  Haven't tried
> it yet, seems like kinda a pain.  It was so easy under
> 4.1.
>
> Thanks,
>
> Hal
>
> Hal Dorsman
> Network Administrator
> Rocky Mountain Elk Foundation
> Missoula, Montana USA
> [email protected]
>
> > -----Original Message-----
> > From: Joe Matusiewicz [mailto:[email protected]]
> > Sent: Friday, February 14, 2003 6:43 AM
> > To: [email protected]
> > Subject: Re: [FW-1] Suggestions for how to manage cold standby server.
> >
> >
> > I'm not sure what you mean by having a cold standby firewall that you would
> > use for remote access.
> >
> > My cold standby server is an exact replica of my active one including ip
> > addresses, static routes, etc.  It's always online but it is not connected
> > to the network.  It takes about 10 seconds to switch to the backup and be
> > up and running.  This is because of the time it takes to switch the wires
> > and the time for the backup to announce its presence on the network.
> >
> > Hope this helps....
> >
> >
> > -- Joe
> >
> >
> > At 04:54 PM 2/13/03, Hal Dorsman wrote:
> > >How does everyone manage a second cold standby
> > >firewall?  One that you would want to keep on
> > >your internal network for remote access.  With the
> > >licenses now being tied to the internal IP, you
> > >get conflicts if you try to put it on the same net.
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
