Nicolas, glad it helped. This is an answer we got from CP when we asked them. As I read that, it means:
- Never put the external IP in - Usually, you just don't need that tab at all. Don't use it. - HF1 improves the functionality, FP4 will further. This might be useful for directing VPNs out different interfaces, but I never actually tried this. So, inna nutshell: Just don't use the cluster topology tab. -- Quote -- In all third party solutions except IPSO (Nokia cluster) it is not allowed to add cluster IPs in the topology tab. In IPSO, it is possible to add internal cluster IPs to the topology tab when there is a need to communicate with one of the internal cluster IPs. For example, if you wish to use secure remote to download topology from the internal cluster IP. Otherwise, and in the common case, it is not necessary to add anything to the topology tab. Until FP3 it was not possible to add cluster IPs to third party solutions because the topology tab did not exist. Since FP3 adding cluster IPs will also implement a cluster hide behind that IP. For some features (such as VPN) cluster hide requires forwarding which is partially implemented (IKE only) since FP3 and fully implemented from FP3 Hot Fix 1. Console messages in the form of "delete: can't locate <ip address>" might appear on the console and can be safely ignored. We will handle this issue for FP4. Also, from FP4, there is a new option to disable the cluster hide mechanism in third party solutions. This option is controllable from the smart dashboard. -- End Quote -- > -----Original Message----- > From: nicolas figaro [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 08, 2003 10:48 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] FP3 + nokia vrrp problem > > > Shawn Behrens a �crit: > > > I configured two nokias with ipso 3.6 FCS 4 and CP FW1 NG FP3 in a > > checkpoint cluster. the nokias use vrrp for high > availability (no load > > sharing). > > > > but if I try to send a connection from the backup, the > packet is sent > > with the vrrp address. I still can reach the backup (ping, ssh works > > perfectly), but I can't initiate any connection from the > > module ( I need > > to initiate some supervision connections) > > > >We had this problem when we defined the VRRP IPs in the > Cluster topology. If > >the cluster topology (NOT member topology, cluster topology) > is left empty, > >it worked for us. > > > >Do you have your VRRP IPs defined in the Cluster topology? > If so, take them > >out and try again. > > > >Shawn > > > > > > > simply amazing. > it works. > next question : what's the interest of defining a cluster topology ?? > > thanks a lot for your answer Shawn. > > Nicolas Figaro > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > Please note that: 1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.activis.com This annotation was added by the e-scan service. http://www.activis.com ---------------------------------------------------------------------------------- This message has been checked for all known viruses by e:)scan. For further information please contact [EMAIL PROTECTED] ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
