The license you need is CPFW-CC-1. It lists for $8,000 per-gateway. You might want to checkout AppDirector from Radware. http://www.radware.com/content/products/appdirector/default.asp
You can set up a health check to, for example: 1. ping 'this' and 'that' and 'those' addresses 2. https to 'that' server. 3. login to 'that' server with a 'this' test account. 4. run 'this' query against 'that' BE database. You can set it so if any of those health checks fail, then failover. Regards, Neil Delacruz On 7/18/06, Khan, Irfan <[EMAIL PROTECTED]> wrote:
Connect Control module license is not included with regular Checkpoint License. You will have to buy connect Control Module license to use this capability. Although it has very limited capabilities as compared to other load sharing products. Thanks, -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Chris McGill Sent: Tuesday, July 18, 2006 12:41 PM To: [email protected] Subject: Re: [FW-1] ConnectControl What have you set the logical server type to for http traffic (http or other)? HTTP type requires you to setup a static NAT tranlation for each web server as after inital connection and additional communication is direct from the web client to the web server. Where as other uses NAT to mediate all communication. In terms of your static ARP setups, I assume that the web servers are located within the DMZ, directly connected to your enfrocement module, then this is not necessary as this information will be automatically populated when your system ARP broadcasts for the holder of that IP. And if you are hosting the web servers in another subnet using the other type logical server, your mac addresses are not relevant to your enforcement module. I thank your issue is NAT. Also, I am not a big fan of connectcontrol as it does not scale or have the monitoring capabilities I would like, have a look at F5 BigIP, or StoneBeat FullCluster. However, if you have already paid for a licence, then :( -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, i want to configure connectControl in SecurePlatform. So i have a rule soucre: ANY Destination:LogicalServer(Public IP, with group of two web servers). The problem is that i don't have to do a static nat because i have two web servers the firewall don't have an arp entry to the web servers. But if i create a arp entry it doesn't work... may be i am doing something wrong, thanks... - -- Saludos, Alvaro -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRL0CXMXBZiD6GXNyAQiU8Af/YeL5A1lLlsp11bpaTA3My/ImbtzGQCeS TUSmY3E/TD9nLkpfwJu2KEZkslggwfHkmPUV+j52IxqWErzctOTbsLLsqDwvqGWx S2TvP+3yBvgHEZT8ReNPz9qi6wzncNQLXhyyOhEbf+P34qR6f6Cbf8VhHEvPeLwJ SGjCft+QbH4kDh0JI7QGcUykf9Lpn7gdSkoi0LF0+7blVI0TO09YUBK9+XmcD2nM QIUUOKbJvMcqpRC3ojPtGLoxALjfxGZzVWpKAMxodvQWUE7NX53sd7LQokkAA3BZ Op/AjZLfAT1KJFObIR1qawEiBAoW1AhOpXq527jsuQPLMDonII79sA== =3OVr -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. Phoenix IT Group plc Registered in England no. 3476115 Phoenix IT Services Limited Registered in England no. 1466217 Trend Network Services Registered in England no. 1049704 Registered offices: Technology House, Hunsbury Hill Avenue, Northampton NN4 8QS ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
