I would think if the boxes are on the same rev of checkpoint and they are setup in a cluster then they should sync without issue, but I haven't tested....
Derek O'Flynn -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of James Lee Bell Sent: Friday, November 19, 2004 1:35 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] State Sync Between FW-1 Versions I have a similar question that I'm just starting dig into and test. I've got an HA Nokia IP-530 pair running R55, and I've run out of capacity. Rather than doing a drop in replacement with a rather expensive pair of IP-1260's, I'm looking at replacing them with a pair of Dell PE 2850's plus Intel pro MT 1000 quad port cards running Splat. I realize that vrrp and clusterxl are completely different and that keeping a splat box from attempting to assume master will involve not plugging in interfaces until ready to shut off the last Nokia. Has anyone ever tried to get sync tables between ipso residing box and splat box? Is the idea to even try nuts? If this isn't feasible, is there not a Dashboard resident setting that an NG AI equivalent to "fw_allow_out_of_state_tcp"? I seem to remember a setting whereby I might be able to set firewall to take "out-of-state" packets and compare them against the rulebase. This would allow me to perform what would be a connection dropping swap out from Nokia to Splat box without dropping connections but allowing them to populate state table, and then later once completely on pair of splats, reenable stateful enforcement. Am I dreaming that I saw that??? Crist Clark wrote: > I know that state synchronization between different versions of > FW-1 is not supported. However, that does not necessarily mean > that it won't work between very similar versions. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
