It sure does... That way you don't have "all your eggs in the same basket".
If the machine where your firewall resides dies, you still have all your rules on the SmartCenter machine, so getting back on line just requires for you to get a backup machine, install SecurePlatform, re-establish SIC and push the policies down. On the other hand, if your Smartcenter machine dies (and you have done your homework and have taken backups), similarly you can bring a new machine, install the Smartcenter and load the backup. This takes a little more time than bringing back up a fw module, but now you can take your time as while the Smartcenter is gone from the network, your firewall module will still be running and handling traffic with the last policy you installed on it. Basically having a Smartcenter down does not cause any downtime for your network. Off course having a third machine as HA pair of the primary firewall module (active/standby cluster) is a lot better, but while getting budget for that extra license, I have had several customers that had a spare machine as "shelf backup", so if their firewall machine failed, it took less than 5 minutes to get back on line. Regards On 10/1/07, Rick Osterberg <[EMAIL PROTECTED]> wrote: > > I think I ended up confused... and have my SecurePlatform with both the > FW/VPN engine, and the SmartCenter. I have the SmartConsole on the > Windows box. I licensed for the SmartConsole IP instead of a SmartCenter > IP. > > Question -- in a small environmment such as mine (generally just a single > firewall), is there anything to be gained by installing the SmartCenter on > a different host than the enforcement module? > > -Rick > > On Mon, 1 Oct 2007, Sergio Alvarez wrote: > > > To add something to Reinhard's post... in local mode you can use any IP > of > > the firewall module, it doesn't really matter if it is an external or > > internal interface. > > > > It is important for you to be clear on the fact that SmartConsole is > > actually just the console, which you can install on any desktop on your > > network, the management server on the other side, is called > SmartCenter. In > > your case since you have your SmartCenter on a Windows machine, most > likely > > you also have SmartConsole installed on that same system. > > > > Now, since you have been using local mode on your old Windows NG > firewall > > module and you are planning to replace it with a new machine running NGX > > with different IPs then definitely you must go to the UserCenter and > either > > keep working with local mode and change the IP to one of the new ones, > or > > change to central mode and use the SmartCenter IP. Also, since you have > been > > working with NG, you must upgrade that license to NGX, as they work > > different. Bare in mind you will need a valid software subscription for > that > > license, otherwise the Usercencer will not allow you to do the upgrade. > > > > Regards > > > > On 10/1/07, Reinhard Stich <[EMAIL PROTECTED]> wrote: > >> > >> hi, > >> > >> you can choose between: > >> > >> 'local license' > >> for every module (smartcenter, gateway1, gateway2, etc) you create > >> the license with an IP-address of the module. on the mgmt-server you > >> use the mgmt's IP, on the firewall-module you use any firewall's > >> > >> 'central license' > >> all licenses are defined with the managedment's IP and moved to the > >> gateway-modules using the "smartupdate" tool > >> > >> br > >> reinhard > >> > >> At 19:28 01.10.2007, you wrote: > >>> I have a quick, dumb, question about IP addresses and licensing. > >>> > >>> I've got an older VPN-1 gateway (version NG) running on a Windows > >>> host that I am upgrading to new hardware and new software. > >>> > >>> The new software will be the VPN UTM package running on > >>> SecurePlatform. I've got the SecurePlatform and firewall software > >>> installed on the new hardware, using temporary IP addresses for the > >>> interfaces (since I will ultimately replace the old gateway and use > those > >> IPs). > >>> > >>> I have the SmartConsole software installed on a Windows box on the > >>> inside network. > >>> > >>> I thought I had read that when setting up the license in the > >>> CheckPoint web site, that the IP address I should use was the IP > >>> address of the management computer, so I used the IP of the Windows > >>> system running SmartConsole. I trust I made the wrong choice? > >>> > >>> My NG firewall was licensed in 'local' mode, so it's licensed > >>> against the external IP address. > >>> > >>> What IP address should the NGX be licensed on? Internal? > >>> External? What is the difference between 'local' and 'central' mode? > >>> > >>> -Rick > >>> > >>> ================================================= > >>> To set vacation, Out-Of-Office, or away messages, > >>> send an email to [EMAIL PROTECTED] > >>> in the BODY of the email add: > >>> set fw-1-mailinglist nomail > >>> ================================================= > >>> To unsubscribe from this mailing list, > >>> please see the instructions at > >>> http://www.checkpoint.com/services/mailing.html > >>> ================================================= > >>> If you have any questions on how to change your > >>> subscription options, email > >>> [EMAIL PROTECTED] > >>> ================================================= > >> > >> -- > >> Reinhard Stich [EMAIL PROTECTED] > >> Internet Security AG, 1150 Wien, Johnstrasse 29 > >> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > >> > >> ================================================= > >> To set vacation, Out-Of-Office, or away messages, > >> send an email to [EMAIL PROTECTED] > >> in the BODY of the email add: > >> set fw-1-mailinglist nomail > >> ================================================= > >> To unsubscribe from this mailing list, > >> please see the instructions at > >> http://www.checkpoint.com/services/mailing.html > >> ================================================= > >> If you have any questions on how to change your > >> subscription options, email > >> [EMAIL PROTECTED] > >> ================================================= > >> > > > > > > > > -- > > Sergio Alvarez > > (506)8301342 > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
