Don't use the colon in the FW interface name. For example use "eth0_0". See sk25674 for more info.
> -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of James Lee Bell > Sent: Friday, June 10, 2005 2:23 AM > To: [email protected] > Subject: [FW-1] Splat and subinterfaces > > This is probably a rhetorical question, but why does Checkpoint allow > the usage of subinterfaces in SPLAT if the Checkpoint software can't > handle their usage??? > > - SPLAT, like all linux, has subinterfaces available, of the format > eth#:#. That way you can have multiple IP's on the same > physical interface. > - Checkpoint Dashboard cannot see the subint's in a GET request, and > cannot handle colons in interface names when defining topology. > - This renders the usage of subinterfaces in a ClusterXL pair invalid > and and apparently impossible. > > Has anyone managed to set up SPLAT-ClusterXL-HA pair with multiple > virtual IP's per physical interface without rearchitecting and using > VLANs (just a tad hard with an enterprise DMZ with 350+ hosts in it)? > > I'm doing it in IPSO, just because ipso is doing the heavy lifting of > virtual ip setups. I wanted to move to SPLAT and ClusuterXL, since my > poor little IP530s are becoming horrendously underpowered, but this > environment has grown organically in the past, and I've got interfaces > with multiple subnets on them. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
