Hi! -Reset SIC at the FW-Modules. -Build FW-Object at the new Mgmt-Server -Initialize SIC -Configure FW-Object at Mgmt-Server -Install Policy
:-) The FW-Object at the old Mgmt-Server should be deleted afterwards. Regards Thomas Kunz -----Ursprungliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Auftrag von Ray Pesek Gesendet: Dienstag, 27. Januar 2004 01:23 An: [EMAIL PROTECTED] Betreff: Re: [FW-1] Managing two firewalls from one station - any gotchas? Thanks, Derek. The major issue I have right now is how to tell the IP120 that it is going to be managed from a different server. I cannot figure out what I need to do with SmartUpdate to change the IP120 from its current management server to the new one. I found all sorts of articles but none address moving an enforcement module from one management server to another. Any ideasa would be freatly appreciated! Ray Pesek, CISSP >From: "O'Flynn, Derek" <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Managing two firewalls from one station - any gotchas? >Date: Mon, 26 Jan 2004 12:37:19 -0600 > >I have a very similar situation. I have my main firewalls (crossbeam x40) >and a departmental firewall (IP120). > >I manage them from the same SmartCenter. In SmartCenter you can specify >the >install targets of the policy. > >I have two policies. One for the mains, and one for the IP120. Only thing >that aggravates me is that you have to define the objects all in >Smartcenter >regardless of the policy loaded, so these are going to get replicated to >both firewalls. The policy install time on the IP120 takes a bit. > >It works well enough. We did run into one problem, where the IP 120 is >inside the encryption domain of the mains. And VPN was configured on the >IP120 it messed up SecuRemote (overlapping encryption domain). Two >solutions to this (that I know about). Remove the subnet for the IP120 >from >the mains encryption domain, or remove VPN on the Smartcenter IP120 object. >We chose the latter. > >I'm running FP3 HFA317, Floodgate FP3 on the mains, and FP3 on IP120. > >Hope this helps, >Derek > > >-----Original Message----- >From: Ray Pesek [mailto:[EMAIL PROTECTED] >Sent: Saturday, January 24, 2004 6:54 AM >To: [EMAIL PROTECTED] >Subject: [FW-1] Managing two firewalls from one station - any gotchas? > >Hi, > >We currently have our main firewall and a little IP120, both being managed >by separate management servers. We want to free up the server that's >controlling the IP120 and manage it as well from the one used by the main >firewall. I was hoping anyone who experienced a problem with this >arrangement could chime in so we can be aware of any issues before we make >the change (such as installing the wrong policy on the wrong enforecment >module, unexpected interactions, etc.) > >The main management station is already on NG AI R55 so there shouldn't be >any version issues. The IP120 is on NG FP3 and we'll be upgrading it after >we make the move. > >Thanks, > >Ray Pesek, CISSP > >_________________________________________________________________ >Check out the coupons and bargains on MSN Offers! >http://shopping.msn.com/softcontent/softcontent.aspx?scmId=1418 > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ Learn how to choose, serve, and enjoy wine at Wine @ MSN. http://wine.msn.com/ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
