[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Has anyone got SecurePlatform and ClusterXL to work in load sharing mode?
Look at the below limitations of cluster XL A user-authenticated connection through a cluster member will be lost if the cluster member goes down. Other synchronized cluster members will be unable to resume the connection. However, a client-authenticated connection or session-authenticated connection will not be lost. The reason for these restrictions is that VPN-1/FireWall-1 user authentication state is maintained on Security Servers, which are processes, and thus cannot besynchronized on different machines in the way that data can be synchronized. However, the state of session authentication and client authentication is stored in kernel tables, and thus can be synchronized. The state of connections using resources is maintained in a Security Server, so these connections cannot be synchronized for the same reason that user-authenticated connections cannot be synchronized. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Accioly, Daniel Sent: 04 Aðustos 2003 Pazartesi 17:08 To: [email protected] Subject: Re: [FW-1] Has anyone got SecurePlatform and ClusterXL to work in load sharing mode? Hi guys, We were experiencing the same issue using IP Clustering and FP3 HFA 313. When one firewall from the cluster is turned off the other one does not take over his connections if CVP is enabled. As we were experiencing some other strange issues, we performed a fresh install on the cluster using IPSO 3.7 (we were using 3.6 FCS6) and AI. The other issues were solved, we did not have time to test the load sharing with CVP yet. Did anyone else have similar problems using load sharing and HA solutions for checkpoint with CVP? Regards Daniel Accioly Rosa CCSE CISSP -----Original Message----- From: Drake, Brian [mailto:[email protected]] Sent: segunda-feira, 4 de agosto de 2003 10:45 To: [email protected] Subject: Re: [FW-1] Has anyone got SecurePlatform and ClusterXL to work in load sharing mode? We have seen it work. We are having a problem with it, but we think it is due to CVP. If we remove the resource, load sharing works fine. The only item of note is to put as few switches, between the firewalls and the next router, as possible. It does not like to pass its multicast information through too many switches. The routers will require a static arp entry as well. -----Original Message----- From: Daniel Samaan [mailto:[email protected]] Sent: Friday, August 01, 2003 3:08 PM To: [email protected] Subject: [FW-1] Has anyone got SecurePlatform and ClusterXL to work in load sharing mode? Any input provided here (positive or negative) would be appreciated. I need to know if the load sharing actually works or if it's only failover that only works. Any configuration notes will be appreciated as well. Daniel Samaan Technical Security Consultant CCSP, CCSE, CCNA, CCA, MCSE+I Cell:[email protected] --------------------------------------------------------------------- Forsythe Solutions 5440 W. Fargo Avenue Skokie, IL 60077 www.forsythesolutions.com Building cost-effective IT infrastructure that organizations trust. ---------------------------------------------------------------------------- ---------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. This footer also confirms that this email message has been scanned for the presence of computer viruses. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= **************************************************************************** ********************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **************************************************************************** ********************** ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|