Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch

To: [email protected]
Subject: [FW-1] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch
From: Sandra Iveth Amador Garcia <[email protected]>
Date: Wed, 27 Aug 2003 13:10:53 -0700
Comments: To: [email protected]
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Greetings gurus!

We are trying to implement one IP cluster but the results has no been
complete successfully, here is the enviroment and platform information.

Using Catalys 4507R as the Network core Switch
Using 1 Hub to connect the sync interfaces

2 Nokia IP530   with  IPSO 3.6 FCS7

Checkpoint FP3 HF1 in both firewalls

distributed installation, just one smarcenter server.

 The configuration for IP clustering was made using the
ipso3.6_fp3_v2.0 HA.pdf, that is in the digital migrations web site.

Status:

*Both gateways were synchronizated using  NTP  (successfully)
*IP Clustering using voyager, were obtained one master and one
member(successfully)
*Check Point Cluster configuration on the smartcenter server,
(successfully)
*the licenses were re installed on Check Point Cluster using smart
update, the the cluster was able to receive policy installation from the
smartcenter server, the policy was installed . (successfully)
*Check Point Cluster service was verified using "Smart view Status"
(successfully)

 Problem Detected:

just the internal and DMZ VRID can be reached trough "ping" but not the
external VRID , other problem is that the internal router IP address
cannot be reached by the firewall, by the way all the internal clients
cannot reach the internet.

 Questions:

1)      What about the physical addresses (MAC) that the Internet Router
needs to know the firewall? which IP addres must be registered for each
MAC, or separated each one with owns IP and MAC ? or  External VRID for
both MAC addresses?

2)      Any suggestion?

We xpect that you can help us. =)

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] [fw1-gurus] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch
  - From: Deniz CEVIK <[email protected]>

Prev by Date: [FW-1] NG-AI: FTP URI, NAT, WORM Catcher
Next by Date: Re: [FW-1] upgrade to fp3 and IPSO
Previous by thread: [FW-1] NG-AI: FTP URI, NAT, WORM Catcher
Next by thread: Re: [FW-1] [fw1-gurus] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch
Index(es):
- Date
- Thread