I'm confused, how was 4.0 offering you failover anyway? IP pooling with
automatic failover was not available until 4.1? Do you mean that your users
were manually using the other gateway as needed?
Thomas Poole
-----Original Message-----
From: Tom Sevy [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 29, 2000 8:13 AM
To: 'Jesus Calvo Hernandez'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] overlapping encryption domains and securemote
I encountered this, had to uncheck Exportable on second firewall, which
stinks because that means we have no failover for SR clients (in 4.0,
anyway)
-----Original Message-----
From: Jesus Calvo Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 29, 2000 6:22 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] overlapping encryption domains and securemote
Hi Olaf
Thanks for your fast reply; I?ve checked it and no ip address is repeated,
it would be causing problems of ip duplicity, anyway; the thing is that
management station is a diferent machine than the firewall gateway one.
We have the following scenario:
One internal firewall manager (with nat to the internet, so securemote
customers can retrieve keys), and two external gateways. Each gateway has
got its own internal and external nics with different addresses from each
other. One of the external gateways has got a vpn running to a customer
firewall.
By now we do not figure where the overlapping can be.
Best regards
Jesus Calvo
-----Original Message-----
From: Olaf Selke <[EMAIL PROTECTED]>
To: Jesus Calvo Hernandez <[EMAIL PROTECTED]>
Cc: Firewall-1 Mailing List <[EMAIL PROTECTED]>
Date: Monday, May 29, 2000 12:08 PM
Subject: Re: [FW1] overlapping encryption domains and securemote
>According to Jesus Calvo Hernandez:
>>
>> error: fw-management station has at least two gateways with an =
>> overlapping encryption domain
>>
>> I=B4ve checked encryption domains for the gateways and there=B4s no =
>> overlapping
>>
>> Anyone has suffered this?
>
>yes, we did. FW-1 considers all network interfaces of a gateway to
>be part of the encryption domain. Please check if the same ip address
>is used on multiple firewalls.
>
>Olaf
>--
>Olaf Selke, [EMAIL PROTECTED], voice +49 5241 80-7069
------------------------------------------------------------------
This email is confidential and intended solely for the use of the individual
to whom it is addressed. Any views or opinions presented are solely those of
the author and do not necessarily represent those of Sema Group.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding, printing,
or copying of this email is strictly prohibited. If you have received this
email in error please notify it to Sema Group sae Helpdesk by telephone on
number
+34 91 4408888.
------------------------------------------------------------------
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
