We wish to implement an high availability pair of FW1 firewalls
using StoneBeat. We also want to use an IKE VPN. Our problem is which
interfaces to license to what products.
We have:
- two fw1 unlimited host licences
- two stonebeat licenses
- to VPN 5000 user licenses
We understand that:
- to use a VPN the host name and VPN license must be bound to the
external facing interface.
- for FW1 to start correctly, the license must be bound to a live
interface.
- StoneBeat shuts down the internal and external interfaces of the
standby host
We don't know (and our support contacts can't tell us) if:
- the VPN license needs to be attached to the same interface as the
FW1 license
- ethernet interfaces can have licenses bound to them (StoneBeat or
FW1)
- the StoneBeat license needs to be bound to the same interface as
the host name
- the StoneBeat license needs to be bound to an always live
interface (otherwise StoneBeat will not start)
- FW1 logging is confused if the FW1 license is not bound to the
same interface as the host name
Any ideas appreciated (especially if you represent StoneBeat or
CheckPoint!)
--------------------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.
Internet communications are not secure and therefore the Barclays Group
does not accept legal responsibility for the contents of this message.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of the Barclays Group unless otherwise
specifically stated.
--------------------------------------------------------------------------------------
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
