Excellent. Thanks for the confirmation. Out of curiosity... I assume that the logs then show by physical IP which firewall the sessions actually traversed? So if there was a failover you would know it from the logs?
Thanks! j -----Original Message----- From: Donna O'Connell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 3:39 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] VPN with a cluster We have a checkpoint cluster with VPN and the remote end has the address of the cluster. With the checkpoint SP5 the default is to NAT the gateways to the cluster address. This is done in the objects.C file :IPsec_cluster_nat (true) However, it is misleading in the fw log because the log only shows the address of the physicall interface. A snoop on the external interface does show that the cluster address is what is being sent out. Good Luck, Donna ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
