Create "sync.conf" under $FWDIR/conf with the IP you want to sync with for both boxes, e.g. FWA sync connection: 192.168.1.1 FWB sync connection: 192.168.1.2 (sync.conf file on FWA) 192.168.1.2 (sync.conf file on FWB) 192.168.1.1 *The IP address is all that is in the sync.conf Then do: >From FWA fw putkey 192.168.1.2 abc123(or whatever your secret word is) >From FWB fw putkey 192.168.1.1 abc123(secret word has to match) Then go to the backup FW and do: fw tab -t connections You should see the state table. If not do an FWSTOP;FWSTART on both boxes and retry. Check out info on how to decode the HEX output of this command at: http://www.enteract.com/~lspitz Good luck ----- Original Message ----- From: "D H" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 24, 2000 12:57 PM Subject: [FW1] putkey -n (for sync on cross-over cable) > > Is anyone using different interfaces for the FW-FW sync and the > FW-FWMS (Management server) communication? if so, how do you specify > which interface to use? > > We are currently doing state sync on the "internal" interface of our > 2 FWs, and we would like to change it so the state sync is done over > a dedicated interface (cross-over cable between the FWs). > > I previously used the -n option of the putkey to specify the > interface for syncronization: > fw putkey -n <Internal-IP-FW#1> <Internal-IP-FW#2> > (these same internal interfaces were in the sync.conf file) > > I used the -n option to specify the *same* internal interface for > communication with the FWMW: > fw putkey -n <Internal-IP-FW#1> <IP-FWMS> > > So, the obvious thing would be to redo the FW-to-FW putkey like > this: > fw putkey -n <CrossOver-IP-FW#1> <CrossOver-IP-FW#2> > (and put these interfaces in the sync.conf file) > > But, I *think* I heard/read that the -n was effective for *all* > of the putkeys on a FW (i.e. you are specifying the interface for > all putkey-dependent communication). If this is true, then my FW > will also try to communicate with the FWMS on the interface leading > to the other FW... Is that true? > > Thanks in advance, > -- DH > > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
