Hi all, We plan to replace a standalone installation (IP440 RG55) with two IP380 running IPSO clustering (probably 3.8). For the moment we have not decided the cluster mode they'll use: forwarding mode or multicast (with or without IGMP snooping).
My first question is about the multi-addressed interfaces. Currently the outside interface (facing Internet) on the IP440 is multi-addressed and we would prefer keeping this design on the new cluster. According to the resolution 15931 this is possible only by using 802.1q VLAN tagged interfaces but the resolution is not very clear. What are limitations ? 1/ If my outside interface is multi-addressed with 802.1q vlan, it implies it will belong to two vlans, but what about the cluster IP addresses? The cluster will have one IP cluster address per logical addresses? Example: Firewall A: Outside IP addresses 10.1.1.1 and 192.168.1.1 Firewall B: Outside IP addresses 10.1.1.2 and 192.1.1.2 Cluster: Outside IP addresses ?????????????????? 10.1.1.10 AND 192.1.1.210 ????????? If someone could provide a feedback running such configuration.... 2/ we plan to use this cluster as a VPN gateway (for site to side and client to site), remote peers will be PIX firewall based, is it possible? I am right for each PIX remote peer address will be the outside cluster IP address? Thanks ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
