Yoed,
Yes, this is the normal behaviour if your configuration is hot standby and not load sharing.
BTW: I'm working with Check Point Support on a SR where hot standby members (R55) send the packets (NTP) with the cluster IP. This causes troubles because the reply packets are sent to the active member which drops the packet.
Check Point confirmed that the outgoing packets from the standby nodes are handled through cluster tcp streaming... but should not... They are still analysing the debugs.
There is an option for load sharing clusters to use the physical ip. This does also work if your hot standby cluster.
cheers, markus
remember me?
Markus Hofbauer, Technical Services | IT-Security Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4 e-mail: [EMAIL PROTECTED] | web: www.bacher.at
Fast Yoed-BYF017 wrote:
Hi guys,
I have some SecureClient users who are opening connection to my ClusterXL FireWall. The authentication for these users is by a RADIUS server.
When the ClusterXL communicates with the RADIUS server, it sends packets from the physical address of the module, and not the VIP.
Does anyone know if this is the normal behavior?
Thanks, Yoed
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
