Dennis Breithaupt <[EMAIL PROTECTED]> wrote:
>
> >> "Hide Cluster Member's outgoing traffic behind the Cluster's IP
> >> Address".
> >
> > I always turn off this setting.
>
> That sounds interesting! The only reason in my opinion to turn this
> on is because of SR/SC-client connects, because the RDP-probing, ESP
> and ISAKMP would be destined to and from the VRRP-IP.
This traffic operates independently of the "Hide traffic" setting named above. If your VPNs specify the Cluster Object as their endpoint, then the cluster IP will be used for these connections regardless of whether you perform Hide NAT at all.

The mentioned setting only affects traffic originated by the OS running on the cluster members, as far as I can tell. And I still cannot conceive of a reason why that traffic ought to be hidden behind the cluster IP. It means that the secondary firewall can never receive anything.

I have never discussed this with Checkpoint, but we have many sites in operation with this setting disabled, and we are happy.

--
David DeSimone == Network Admin == [EMAIL PROTECTED]
"It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous." -- Robert Benchley
