| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Creating a Cluster Object in Checkpoint NG+AI
- To: [email protected]
- Subject: Re: [FW-1] Creating a Cluster Object in Checkpoint NG+AI
- From: "Tumarinson, Max" <[email protected]>
- Date: Mon, 15 Sep 2003 09:11:53 -0400
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcN6KAy/5iFkbP6uRomlDy/8WS20LgBYkABg
- Thread-topic: [FW-1] Creating a Cluster Object in Checkpoint NG+AI
I figured out the problem.
- Under each cluster member open up the topology section.
- On the sync network double click the network and this will open up a Interface properties windows.
- De-select "Cluster Interface"
- An Topology tab will appear and make sure the anti-spoofing is defined correct.
- Make sure that anti-spoofing is defined for internal and have selected "network defined by interface and net mask", and Perform Anti-spoofing is selected.
- Close the window and make sure the same is done on the other cluster member.
- Close the cluster, and save the Policy
- Re-push policy to the Cluster.
- Also make sure that your have in Cluster Topology your have Internal and External VRRP addresses and anti-spoofing configured otherwise you will get anti-spoofing log entries and will not be able to connect to cluster.
-----Original Message-----
From: Sunjo [mailto:[email protected]]
Sent: Saturday, September 13, 2003 2:42 PM
To: [email protected]
Subject: Re: [FW-1] Creating a Cluster Object in Checkpoint NG+AI
Hi,
Make sure the following
1) U have created a seperate netwook for Cluster
2) U have created a seperate network for firewall sync
3) Do not add the firewall sync interface under the cluster object topology..
4) as u said u need to configure the third party as OPSEC only for cluster..
I hope this shud work..
Cheers
"Tumarinson, Max" <[email protected]> wrote:
I am having a problem adding gateways to the cluster object that I created. I am running Nokia in VRRP mode and IPSO 3.7. When I add two gateways to the cluster and in 3rd Party Configuration Nokia VRRP is selected as a 3rd Party Solution I get the following warning message.
Interface "eth1c0" of cluster member "member name" is marked as shared cluster, however its IP doesn't belong to any of the Member networks of the cluster's interface.
-To mark it as private interface of the cluster, uncheck "Cluster Interface."
-To mark it as a shared interface, change its ip address to be in the corresponding cluster Interface member network.
Leave it as is will cause it to be treated as a private interface of a member.
When I select in 3rd Party Configuration OSPEC I do not get this warning message.
Did anybody else see this before and does anybody know what causing this warning message to pop up.
Thanks
Max
***************************************************************************
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail or its attachments.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. Amalgamated Bank therefore
does not accept liability for any errors or omissions in the contents of
this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version.
******************************************************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
