I have a scenario:
hostX is a Linux server sitting behind a pair of SPLAT
firewalls, NG-AI R55 with HFA_20, running ClusterXL
in Active/Active load-sharing unicast mode. The
load is 30% for the Pivot mode member and 70%
for the non-pivot member.
hostY sits outside the firewall and is trying to download
files (100GB) via Secure Copy (SCP, aka SSH) from
hostX. I am seeing SCP traffic going across both
firewalls.
I am trying to run tcpdump to capture this SCP
traffic. Does it mean I need to run tcpdump
on both firewalls, or just one, to capture this
traffic? Furthermore, once I am done capturing
the traffic, how am I going to merge the tcpdump
traffic in order to analyze it? I am doing this
by writing the tcpdump into a .cap file and viewing
it with Wireshark.
My question is: when doing Active/Active,
how do you go about running tcpdump and
accurately capturing the traffic as described
above?
Thanks in advance.
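
The merge step asked about above, as an added example that is not part of the original post: it interleaves classic pcap files, such as the .cap files tcpdump writes, into one timeline ordered by packet timestamp. It assumes one capture file per cluster member, the same link type in each, and synchronized clocks on the members; all function names are hypothetical and the sample frames are constructed placeholders.

```python
import struct

MAGIC_LE, MAGIC_BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"

def read_pcap(data):
    """Parse classic (microsecond) pcap bytes -> (linktype, [(ts_usec, origlen, frame)])."""
    if data[:4] == MAGIC_LE:
        bo = "<"
    elif data[:4] == MAGIC_BE:
        bo = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(bo + "I", data[20:24])[0]
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(bo + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # last record truncated, e.g. tcpdump was killed mid-write
        packets.append((sec * 1_000_000 + usec, origlen, frame))
        off += 16 + caplen
    return linktype, packets

def write_pcap(linktype, packets, snaplen=65535):
    """Serialize packets as a little-endian classic pcap byte string."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for ts, origlen, frame in packets:
        out.append(struct.pack("<IIII", ts // 1_000_000, ts % 1_000_000, len(frame), origlen))
        out.append(frame)
    return b"".join(out)

def merge_pcaps(blobs):
    """Interleave packets from several captures into one file ordered by timestamp."""
    parsed = [read_pcap(b) for b in blobs]
    linktypes = {lt for lt, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError("captures have different link types; cannot share one pcap header")
    merged = sorted((p for _, pkts in parsed for p in pkts), key=lambda p: p[0])
    return write_pcap(linktypes.pop(), merged)

if __name__ == "__main__":
    # Constructed sample: placeholder frames standing in for packets seen by each member.
    member_a = write_pcap(1, [(1_000_000, 4, b"a-01"), (3_000_000, 4, b"a-03")])
    member_b = write_pcap(1, [(2_000_000, 4, b"b-02"), (4_000_000, 4, b"b-04")])
    _, pkts = read_pcap(merge_pcaps([member_a, member_b]))
    print([frame for _, _, frame in pkts])
```

Wireshark ships a mergecap tool that performs the same timestamp-ordered merge on capture files directly.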