Hi all, What I understood is that the checkpoint "load sharing" is on processor only, The two processors are working to make the job,
The load sharing you want is rtaffic load sharing, in order to make that you can statically route 50% of fixed servers, is there is no router and no switch you can make your configuration like you said, but itsn't a good architecture at all. Is that what you wanted to do ? Well, I don't understand, Reinhard, why your speaking about VPN Regards. rar > Message du 22/02/08 15:16 > De : "kazeka sho" > A : [email protected] > Copie à : > Objet : Re: [FW-1] AW: Re: [FW-1] How to configure Checkpoint object when > using Nokia VRRP MC in load sharing mode > > Hi thanks for your answer. > > I will try it. > > Br > > 2008/2/10, Reinhard Stich : > > > > hi, > > > > you should have the vrrp-ip in the topology and fw-object that you want to > > use with vpn. You can add the other vrrp2-IPs to dummy interfaces or to a > > dedicated object. Be careful with "hide behond gw" in nat-configs, better > > use defined IPs. You also can't use auto-art with nat. > > > > br > > reinhard > > > > -- > > > > Reinhard Stich, Internet Security AG > > Mobile email powered by Nokia Intellisync > > *** please reply-to-all if you answer to this mail *** > > -----Ursprüngliche Nachricht----- > > Von: kazeka sho > > Gesendet: 09.02.2008 22:53:04 > > An: Mailing list for discussion of Firewall-1 > > Betreff: Re: [FW-1] How to configure Checkpoint object when using Nokia > > VRRP MC in load sharing mode > > > > > > > > I will explain my problem more precisely : > > > > > > I have 2 Nokias where I configured 3 interfaces on each appliance. 1 for > > the > > > > inside, 1 for the outside and 1 for the synchronization. > > I will call my Nokia appliances : Nokia1 and Nokia2. > > I created a a first VRID (I will call it VRID1) for both interfaces inside > > > > and outside would be monitored where Nokia1 is the master and thus Nokia2 > > the backup. I created another VRID (VRID2) for the same interfaces and > > where > > Nokia2 is the master and Nokia1 the backup. > > > > So I have 4 VRRP addresses 2 for the outside and 2 for the inside. And I > > made Load sharing by routing from the machine. For 100 machines, there are > > 50 where the default gateway is the VRRP of VRID1 and the other 50 is VRRP > > of VRID2. > > > > > > If I chose Nokia VRRP on the Checkpoint object, I think there would be a > > problem since both Nokia will pass trafic and there would have some drops. > > > > And I would like to know what really happen if I made a get topology with > > that kind of configuration. > > > > > > Cheers > > > > 2008/2/9, David DeSimone : > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > kazeka sho wrote: > > > > > > > > > > In fact I have a cluster of Nokia in VRRP MC but I made Load Sharing > > > > with its. I mean that I have 2 monitored interfaces and 2 VRIDs where > > > > one is the master for one VRID and the slave for the other one. So > > > > for a side I will have two VRRP addresses. > > > > > > > > I will make load sharing by routing my servers by using these > > > > addresses. > > > > > > This is not what I think of when I think of the term "load sharing" > > > because VRRP does not create a load-sharing environment. Only one or > > > the other device will receive traffic for a particular IP. But that is > > > just semantics, I suppose. > > > > > > > My question is to know how to configure the Checkpoint Object in order > > > > to make it fully work. > > > > > > In your "3rd Party Configuration" tab, make sure you have chosen "Nokia > > > VRRP" as the "3rd Party Solution" for the cluster object. > > > > > > When using Nokia VRRP, Checkpoint always uses a load-sharing mode of > > > operation, because the choice of master or slave is decided by the OS, > > > and not by Checkpoint. So, Checkpoint makes sure that whichever cluster > > > member receives traffic, it will process it correctly. > > > > > > Make sure your sync network is working. :) > > > > > > - -- > > > > > David DeSimone == Network Admin == [EMAIL PROTECTED] > > > "This email message is intended for the use of the person to whom > > > it has been sent, and may contain information that is confidential > > > or legally protected. If you are not the intended recipient or have > > > received this message in error, you are not authorized to copy, dis- > > > tribute, or otherwise use this message or its attachments. Please > > > notify the sender immediately by return e-mail and permanently delete > > > this message and any attachments. Verio, Inc. makes no warranty that > > > this email is error or virus free. Thank you." --Lawyer Bot 6000 > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.1 (GNU/Linux) > > > > > > > > iD8DBQFHrPqHFSrKRjX5eCoRAghaAJwJhvE0WBTAS29xRzTtHMVRJ13j8ACfeXGf > > > 83YSy/q37+7HEp95/kA6vPg= > > > =nycU > > > -----END PGP SIGNATURE----- > > > > > > Scanned by Check Point Total Security Gateway. > > > > > > ================================================= > > > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > Créez votre adresse électronique [EMAIL PROTECTED] 1 Go d'espace de stockage, anti-spam et anti-virus intégrés. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
