Hi, see below
2005/6/11, Charalambos Klitiropoulos <[EMAIL PROTECTED]>: > Do you use implied rules? yes If you select View, Implied, there should be some > rules with a light green color if you do. If so, have you enabled logging > for the implied rules (Policy, Global Properties, Log Implied Rules)? What > kind of high availability solution do you use (ClusterXL, VRRP, StoneBeat)? Cluster XL HA, no Loadsharing > > On 6/11/05, Christian Franke <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > we are using checkpoint certificates and I see no drops of connects to > > the cluster-ip, only succesfull connections to the cluster member. > > > > br > > christian > > > > 2005/6/11, Reinhard Stich <[EMAIL PROTECTED]>: > > > hi, > > > > > > do you see fw1_topo connects to the cluster-IP with "accept" or "drop" > > in > > > your logs? > > > > > > check your cluster-object's interface definition... > > > > > > cheers > > > reinhard > > > > > > At 18:39 11.06.2005, you wrote: > > > >Hi, > > > > > > > >ok, actually with my cluser-ip customer cannot download the topology. > > > >With the gateway-ips it works. With my pda and a secure client, I can > > > >perform a site update and I can connect then trough the cluster-ip. > > > >All my securemote user needs to create a new site with one of the > > > >cluster-members-ip and a update of the siet failed. > > > >What do I wrong? > > > > > > > >br > > > >christian > > > > > > > >2005/6/11, Charalambos Klitiropoulos <[EMAIL PROTECTED]>: > > > > > Hello, > > > > > > > > > > the topology information is downloaded from the gateway. Normally > > > > SecuRemote > > > > > should connect to the cluster address (so that your users don't need > > to > > > > know > > > > > which one of your firewalls is active any given moment). If the > > cluster > > > > > address is virtual (.1 cluster address, .2 and .3 the address of the > > > > > firewalls) you need to configure your high availability solution so > > > > that the > > > > > active node accepts packets destined for the cluster address. > > > > > > > > > > On 6/11/05, Christian Franke <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > Hi, > > > > > > > > > > > > I am very familiar with both SecuRemote and SecurClient in a non > > HA > > > > > > environment. I need to understand how SecuRemote works in a HA > > > > > > environment. > > > > > > Here are some of the questions which would be great to have an > > answer to. > > > > > > > > > > > > 1. When setting up a site with SecuRemote which address do I use > > to > > > > > > download > > > > > > the topology (Management Station, Cluster Address, Firewall-1 > > Module > > > > > > Address)? How can I setup the adress to use for download the > > topology > > > > > > to the Cluster Adress - this doesnt work in my case, but I can > > > > > > download the topology with the first Cluster Member Adress? > > > > > > 2. When a key exchange takes place which address does the > > SecuRemote > > > > > > client talk to and where does the reply come from. > > > > > > 3. When using IKE encryption with SecuRemote the Topology can be > > > > > > downloaded from the firewall-1 module or the Management Station, > > is > > > > > > this still the case if operating in an HA environment? > > > > > > -- > > > > > > Christian Franke <[EMAIL PROTECTED]> > > > > > > -------------------------------------------------------- > > > > > > powered by Sun Java Linux Desktop > > > > > > -------------------------------------------------------- > > > > > > > > > > > > ================================================= > > > > > > To set vacation, Out-Of-Office, or away messages, > > > > > > send an email to [EMAIL PROTECTED] > > > > > > in the BODY of the email add: > > > > > > set fw-1-mailinglist nomail > > > > > > ================================================= > > > > > > To unsubscribe from this mailing list, > > > > > > please see the instructions at > > > > > > http://www.checkpoint.com/services/mailing.html > > > > > > ================================================= > > > > > > If you have any questions on how to change your > > > > > > subscription options, email > > > > > > [EMAIL PROTECTED] > > > > > > ================================================= > > > > > > > > > > > > > > > > ================================================= > > > > > To set vacation, Out-Of-Office, or away messages, > > > > > send an email to [EMAIL PROTECTED] > > > > > in the BODY of the email add: > > > > > set fw-1-mailinglist nomail > > > > > ================================================= > > > > > To unsubscribe from this mailing list, > > > > > please see the instructions at > > > > > http://www.checkpoint.com/services/mailing.html > > > > > ================================================= > > > > > If you have any questions on how to change your > > > > > subscription options, email > > > > > [EMAIL PROTECTED] > > > > > ================================================= > > > > > > > > > > > > > > > > >-- > > > >Christian Franke <[EMAIL PROTECTED]> > > > >-------------------------------------------------------- > > > > powered by Sun Java Linux Desktop > > > >-------------------------------------------------------- > > > > > > > >================================================= > > > >To set vacation, Out-Of-Office, or away messages, > > > >send an email to [EMAIL PROTECTED] > > > >in the BODY of the email add: > > > >set fw-1-mailinglist nomail > > > >================================================= > > > >To unsubscribe from this mailing list, > > > >please see the instructions at > > > >http://www.checkpoint.com/services/mailing.html > > > >================================================= > > > >If you have any questions on how to change your > > > >subscription options, email > > > >[EMAIL PROTECTED] > > > >================================================= > > > > > > -- > > > Reinhard Stich ASSIST [EMAIL PROTECTED] > > > Internet Security AG, 1150 Wien, Johnstrasse 29 > > > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > > > -- > > Christian Franke <[EMAIL PROTECTED]> > > -------------------------------------------------------- > > powered by Sun Java Linux Desktop > > -------------------------------------------------------- > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Christian Franke <[EMAIL PROTECTED]> -------------------------------------------------------- powered by Sun Java Linux Desktop -------------------------------------------------------- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
