Hi,
How many new boxes do you have? Instead of trying to set up an existing
server into HA mode, why not prepare a new HA cluster, configure
the firewall including HA, and manually copy all the policies from your
existing live firewall into the new firewall cluster? In a real-life
scenario, we shouldn't disturb a live firewall at all, especially if we have
only a single node. Bear in mind that, if you opt for HA mode, you must
(strongly recommended) use the same set of hardware specifications. If
not, you will face a couple of strange problems later. All your existing
policies may need some adjustment when put into an HA firewall cluster;
it is not like putting the existing policies from a single-node firewall into
an HA cluster firewall.
How to prepare a new HA firewall cluster without touching the
existing firewall? Easy, just set up the HA cluster on a separate network which
is not connected to your live network, of course. Set it up similar to your
existing network: 2 firewall nodes (one HA cluster) + management server with
the real IPs used in your network. Manually copy all policies from your existing
firewall (you may need to make certain adjustments, though) to your new HA
cluster. Test out the HA mode; when it is ready, you just switch from the old
firewall to your new HA firewall cluster.
That's all.
Regards,
Alex
----- Original Message -----
From: "Tom Brown" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 18, 2004 10:50 PM
Subject: [FW-1] Single node AI R55 - to - HA
Hi
I have a single node AI R55 install that also runs the management server. I
have a couple of new boxes and I'm going to install these into a HA cluster
with the management of these running off my management server here. The
management server will be linux (perhaps SPLAT later) and the HA nodes will
be SPLAT.
I need advice though.
How can I get the policy off the current single node setup and onto the
existing management server I have here? I guess I'll have to create a new
policy etc. and push this to the new servers, but I have no idea about how to
go about getting the config and rulebase off the current setup. Also the new
HA setup will not be contactable from the existing management server until I
put them live. This is due to the fact that the networks involved are
currently live and this setup will replace the existing setup. I could set up
a private network with all the correct IPs etc., but how would I get the new
objects/policy onto the existing management server?
thanks and I hope this makes sense!!
Tom
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================