Hi,
We're using two SPLAT NG FP3 HFA316 with Cluster XL Load Sharing
enabled.
We're using RADIUS authentication (USER AUTH) for HTTP traffic.
User Authentication doesn't work all the times.
When it doesn't work we notice the following with network captures :
1. The user provide the cluster a login/password,
2. One node from the cluster contacts the Radius Server... But the IP
source of the packet is the one of the cluster (!) and not the real
IP address of the node (of course we have to add this IP address in
the authorized clients section of the RADIUS configuration file).
3. Radius server ansers to the IP of the cluster.
4. Load Balancing occurs because of the IP destination of this packet
: the cluster IP...
5. And unfortunately, the second node get the packet for which it
doesn't have any information...
Do you know how to prevent Check Point hiding behind the cluster IP
firewall originated packets ?
Regards.
--
[EMAIL PROTECTED] Cyber Networks France
http://www.freebsd.org http://www.cyber-networks.fr
PGP Key fingerprint = 9AEA 910F CB46 C39B 89EE EF4C 68AC 2AF1 CF17 3713
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCF173713
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
