Yes. ClusterXL uses UDP port 8116 on all interfaces, between firewalls, to
make sure that everything is still OK. They are on separate VLANs,
remember, so the synch network on one firewall would have no way of knowing
if your Internet NIC was wrong on the other firewall.
Also, you must keep in mind that state synch and ClusterXL are two
*totally* different things. State synch is used for just that; state synch.
ClusterXL is used for HA, load balancing, what have you. You could turn on
state synch without any HA, although it wouldn't make much sense. (There
may be a reason, but I've never had one, anyway.)
Regards,
Matt Goddard
Security Information Team
Schneider National
920-592-4787
[EMAIL PROTECTED]
From: hong anh doan <[EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]KPOINT.COM>
Date: 10/07/2004 02:05 AM
Please respond to Mailing list for discussion of Firewall-1
To: [EMAIL PROTECTED]
cc:
Subject: [FW-1] ClusterXL problem ! Help Help
Hi everybody!
I'm using Check Point R55 ClusterXL on Sun 8; each cluster member has 3
NIC cards to connect to 3 VLANs on 3 networks, as follows:
I've defined a sync network (172.17.5.0/24) used for synchronization, a
management network (172.17.240.0/24), and one for the Internet
(172.17.208.0/24).
But when I used the Ethereal program to capture packets on the VLAN on the
management network, I see packets of the CPHA protocol running on UDP port
8116, and I think these packets must appear only in the synchronization
network, but these packets appear in all networks. Is it right when I
configure ClusterXL?
output:
No. Time     Source  Destination  Protocol Info
1   0.000000 0.0.0.0 172.17.5.0   CPHA     CPHAv541: FWHAP_SYNC
2   0.000070 0.0.0.0 172.17.5.0   CPHA     CPHAv541: FWHA_IF_PROBE_REQ
3   0.000211 0.0.0.0 172.17.208.0 CPHA     CPHAv541: FWHA_IF_PROBE_REQ
4   0.000381 0.0.0.0 172.17.240.0 CPHA     CPHAv541: FWHA_IF_PROBE_REQ
5   0.000532 0.0.0.0 172.16.8.32  CPHA     CPHAv541: FWHA_MY_STATE
6   0.000603 0.0.0.0 172.17.208.0 CPHA     CPHAv541: FWHA_MY_STATE
Thanks very much!
Hong Anh
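
Added example (not part of either message): a short Python check that groups the CPHA message types in the capture above by the cluster network they were sent to, so the split the reply describes (probe and state traffic on every interface, state sync on the sync network) can be read off directly. The role names, the function names and the rule that FWHAP_SYNC should stay on the sync network are assumptions of this example; the rows are re-typed from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Networks as described in the post; the role names are labels chosen for this example.
NETWORKS = {
    "sync": ipaddress.ip_network("172.17.5.0/24"),
    "management": ipaddress.ip_network("172.17.240.0/24"),
    "internet": ipaddress.ip_network("172.17.208.0/24"),
}

# Packet summary rows re-typed from the capture in the post.
CAPTURE = """\
1 0.000000 0.0.0.0 172.17.5.0 CPHA CPHAv541: FWHAP_SYNC
2 0.000070 0.0.0.0 172.17.5.0 CPHA CPHAv541: FWHA_IF_PROBE_REQ
3 0.000211 0.0.0.0 172.17.208.0 CPHA CPHAv541: FWHA_IF_PROBE_REQ
4 0.000381 0.0.0.0 172.17.240.0 CPHA CPHAv541: FWHA_IF_PROBE_REQ
5 0.000532 0.0.0.0 172.16.8.32 CPHA CPHAv541: FWHA_MY_STATE
6 0.000603 0.0.0.0 172.17.208.0 CPHA CPHAv541: FWHA_MY_STATE
"""

# No., time, source, destination, protocol, info; \s+ also spans a wrapped Info line.
ROW = re.compile(r"^\s*\d+\s+[\d.]+\s+(\S+)\s+(\S+)\s+CPHA\s+CPHAv\d+:\s+(\S+)", re.M)

def role_of(dst):
    """Map a destination address to the cluster network it belongs to."""
    addr = ipaddress.ip_address(dst)
    return next((r for r, n in NETWORKS.items() if addr in n), "unknown")

def summarize(capture):
    """Return {role: set of CPHA message types seen toward that network}."""
    seen = defaultdict(set)
    for _src, dst, msg in ROW.findall(capture):
        seen[role_of(dst)].add(msg)
    return dict(seen)

def findings(seen):
    """Flag state sync off the sync network and CPHA traffic to undeclared networks."""
    out = []
    for role, msgs in sorted(seen.items()):
        if role == "unknown":
            out.append(f"CPHA traffic to undeclared network: {sorted(msgs)}")
        elif role != "sync" and "FWHAP_SYNC" in msgs:
            out.append(f"state sync seen on {role} network")
    return out

if __name__ == "__main__":
    for role, msgs in sorted(summarize(CAPTURE).items()):
        print(f"{role:<11}{', '.join(sorted(msgs))}")
    print(findings(summarize(CAPTURE)))
```

On the rows from the post, the only item reported is the FWHA_MY_STATE packet addressed to 172.16.8.32, which is outside the three networks the post lists.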
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================