are both firewalls (4.1 and R55) managed with the same mgmt-station?
or are both of them locally managed?
cheers
reinhard
At 22:19 13.07.2005, you wrote:
I do not remember if your configuration (4.1 with NG R55) is supported, but
here is how MEP works.
When MEP is configured for two gateways, both of them will be used by
SecuRemote/SecureClient. When a user tries to connect, the vpn client will
'ping' and will create the vpn tunnel with whoever gateway answers first. In
case of a failure the vpn client will switch to the second firewall (the one
that was not as fast) and will create a new vpn tunnel. There is an option
in NGX where you can set the preferred gateway.
So, let's say that you implement MEP. Your users will need to update their
topology info so that SecuRemote/SecureClient software will be aware of your
MEP configuration (and where to find the two gateways). If you take off-line
the old firewall, then all clients will use the new one, simply because the
old one will not be there to answer to the client's ping packets. Then you
can have your users to do another 'update topology' just to have the current
info.
On 7/13/05, Mercier, Bernard <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> My plan was to have them coexist for a time then remove the VPN-1
4.1after all VPNs and functions are transfered to the NG R55.
>
> thanks
> Bernard
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] Behalf Of Reinhard
> Stich
> Sent: Wednesday, July 13, 2005 7:07 AM
> To: [email protected]
> Subject: Re: [FW-1] MEP Configuration Questions
>
>
> hi,
>
> are both firewalls managed from the same mgmt-server? only if this is the
> case you can use what checkpoint calls MEP.
>
> or do you just want to move from one firewall to another one?
>
> cheers
> reinhard
>
> At 12:41 13.07.2005, you wrote:
> >Hello,
> >
> >I have two Nokia IP330 that I would like to setup in a MEP configuration.
> >The online firewall has VPN-1 4.1 SP5 installed. The second firewall has
> >NG R55 installed. On the second firewall I've created all the objects
> >found on the live system. Can I setup the second firewall to be part of
> >the encryption domain without affecting the live system? Can I safely
> >transfer Site-to-Site VPNs to the second firewall without affecting the
> >other services running on the live system? Is there any good
> documentation
> >available to help setup this?
> >
> >Thank You,
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
> --
> Reinhard Stich ASSIST [EMAIL PROTECTED]
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
