Hi, we are using checkpoint certificates and I see no drops of connects to the cluster-ip, only succesfull connections to the cluster member.
br christian 2005/6/11, Reinhard Stich <[EMAIL PROTECTED]>: > hi, > > do you see fw1_topo connects to the cluster-IP with "accept" or "drop" in > your logs? > > check your cluster-object's interface definition... > > cheers > reinhard > > At 18:39 11.06.2005, you wrote: > >Hi, > > > >ok, actually with my cluser-ip customer cannot download the topology. > >With the gateway-ips it works. With my pda and a secure client, I can > >perform a site update and I can connect then trough the cluster-ip. > >All my securemote user needs to create a new site with one of the > >cluster-members-ip and a update of the siet failed. > >What do I wrong? > > > >br > >christian > > > >2005/6/11, Charalambos Klitiropoulos <[EMAIL PROTECTED]>: > > > Hello, > > > > > > the topology information is downloaded from the gateway. Normally > > SecuRemote > > > should connect to the cluster address (so that your users don't need to > > know > > > which one of your firewalls is active any given moment). If the cluster > > > address is virtual (.1 cluster address, .2 and .3 the address of the > > > firewalls) you need to configure your high availability solution so > > that the > > > active node accepts packets destined for the cluster address. > > > > > > On 6/11/05, Christian Franke <[EMAIL PROTECTED]> wrote: > > > > > > > > Hi, > > > > > > > > I am very familiar with both SecuRemote and SecurClient in a non HA > > > > environment. I need to understand how SecuRemote works in a HA > > > > environment. > > > > Here are some of the questions which would be great to have an answer > > > > to. > > > > > > > > 1. When setting up a site with SecuRemote which address do I use to > > > > download > > > > the topology (Management Station, Cluster Address, Firewall-1 Module > > > > Address)? How can I setup the adress to use for download the topology > > > > to the Cluster Adress - this doesnt work in my case, but I can > > > > download the topology with the first Cluster Member Adress? > > > > 2. When a key exchange takes place which address does the SecuRemote > > > > client talk to and where does the reply come from. > > > > 3. When using IKE encryption with SecuRemote the Topology can be > > > > downloaded from the firewall-1 module or the Management Station, is > > > > this still the case if operating in an HA environment? > > > > -- > > > > Christian Franke <[EMAIL PROTECTED]> > > > > -------------------------------------------------------- > > > > powered by Sun Java Linux Desktop > > > > -------------------------------------------------------- > > > > > > > > ================================================= > > > > To set vacation, Out-Of-Office, or away messages, > > > > send an email to [EMAIL PROTECTED] > > > > in the BODY of the email add: > > > > set fw-1-mailinglist nomail > > > > ================================================= > > > > To unsubscribe from this mailing list, > > > > please see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > > ================================================= > > > > If you have any questions on how to change your > > > > subscription options, email > > > > [EMAIL PROTECTED] > > > > ================================================= > > > > > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > > >-- > >Christian Franke <[EMAIL PROTECTED]> > >-------------------------------------------------------- > > powered by Sun Java Linux Desktop > >-------------------------------------------------------- > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > -- > Reinhard Stich ASSIST [EMAIL PROTECTED] > Internet Security AG, 1150 Wien, Johnstrasse 29 > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Christian Franke <[EMAIL PROTECTED]> -------------------------------------------------------- powered by Sun Java Linux Desktop -------------------------------------------------------- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
