hi,

At 14:34 11.06.2005, you wrote:

Hi,
I am very familiar with both SecuRemote and SecureClient in a non-HA
environment. I need to understand how SecuRemote works in an HA environment.
Here are some of the questions which would be great to have an answer to.

1. When setting up a site with SecuRemote, which address do I use to download
the topology (Management Station, Cluster Address, Firewall-1 Module
Address)?

fw1 cluster address. the mgmt station was used in 4.0 and early 4.1 times,
since 4.1 SP2 (I think) you don't need any access from the internet to your
mgmt-station normally.

How can I set up the address to use for downloading the topology
to the Cluster Address - this doesn't work in my case, but I can
download the topology with the first Cluster Member Address?

well, with VRRP this works automatically, also with ClusterXL. do you see
any drops to the cluster IP? maybe your anti-spoofing or
interface-definition is not perfect.

2. When a key exchange takes place, which address does the SecuRemote
client talk to and where does the reply come from?

normally the cluster-IP.

3. When using IKE encryption with SecuRemote the Topology can be
downloaded from the firewall-1 module or the Management Station, is
this still the case if operating in an HA environment?

you should do the topology-download from the cluster-IP.

cheers
reinhard
--
Christian Franke <[EMAIL PROTECTED]>
--------------------------------------------------------
powered by Sun Java Linux Desktop
--------------------------------------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333