Don't forget the -p in the fw putkey command!
-----Original Message-----
From: Carric Dooley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 2:10 PM
To: D H; [EMAIL PROTECTED]
Subject: Re: [FW1] putkey -n (for sync on cross-over cable)
Create "sync.conf" under $FWDIR/conf with the IP you want to sync with for
both boxes, e.g.
FWA sync connection: 192.168.1.1
FWB sync connection: 192.168.1.2
(sync.conf file on FWA)
192.168.1.2
(sync.conf file on FWB)
192.168.1.1
*The IP address is all that is in the sync.conf
Then do:
From FWA
fw putkey 192.168.1.2 abc123 (or whatever your secret word is)
From FWB
fw putkey 192.168.1.1 abc123 (secret word has to match)
Then go to the backup FW and do:
fw tab -t connections
You should see the state table. If not, do an FWSTOP;FWSTART on both boxes
and retry.
Check out info on how to decode the HEX output of this command at:
http://www.enteract.com/~lspitz
Good luck
----- Original Message -----
From: "D H" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 24, 2000 12:57 PM
Subject: [FW1] putkey -n (for sync on cross-over cable)
>
> Is anyone using different interfaces for the FW-FW sync and the
> FW-FWMS (Management server) communication? If so, how do you specify
> which interface to use?
>
> We are currently doing state sync on the "internal" interface of our
> 2 FWs, and we would like to change it so the state sync is done over
> a dedicated interface (cross-over cable between the FWs).
>
> I previously used the -n option of the putkey to specify the
> interface for synchronization:
> fw putkey -n <Internal-IP-FW#1> <Internal-IP-FW#2>
> (these same internal interfaces were in the sync.conf file)
>
> I used the -n option to specify the *same* internal interface for
> communication with the FWMS:
> fw putkey -n <Internal-IP-FW#1> <IP-FWMS>
>
> So, the obvious thing would be to redo the FW-to-FW putkey like
> this:
> fw putkey -n <CrossOver-IP-FW#1> <CrossOver-IP-FW#2>
> (and put these interfaces in the sync.conf file)
>
> But, I *think* I heard/read that the -n was effective for *all*
> of the putkeys on a FW (i.e. you are specifying the interface for
> all putkey-dependent communication). If this is true, then my FW
> will also try to communicate with the FWMS on the interface leading
> to the other FW... Is that true?
>
> Thanks in advance,
> -- DH
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
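A check for the sync.conf layout described in this thread, added here as an example and not part of the original posts: each box's file must hold only the peer's sync address, never its own. The function names and temporary file paths are hypothetical; the addresses are the ones used in the post.

```shell
#!/bin/sh
# Added example: sanity-check the sync.conf files of two firewalls.

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# peer_of FILE -> prints the address in FILE; fails unless the file holds
# exactly one non-blank line and that line is an IPv4 address
peer_of() {
    [ -r "$1" ] || return 1
    count=0 addr=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        count=$((count + 1)); addr=$line
    done < "$1"
    [ "$count" -eq 1 ] && is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# check_sync_pair A_IP A_CONF B_IP B_CONF -> 0 when each box's sync.conf
# names the other box's sync address
check_sync_pair() {
    a_peer=$(peer_of "$2") || { echo "bad sync.conf: $2" >&2; return 1; }
    b_peer=$(peer_of "$4") || { echo "bad sync.conf: $4" >&2; return 1; }
    [ "$a_peer" = "$3" ] || { echo "$2 should contain $3" >&2; return 1; }
    [ "$b_peer" = "$1" ] || { echo "$4 should contain $1" >&2; return 1; }
    return 0
}

# Constructed sample: copies of the two files as laid out in the post.
demo_dir=$(mktemp -d)
echo 192.168.1.2 > "$demo_dir/fwa_sync.conf"
echo 192.168.1.1 > "$demo_dir/fwb_sync.conf"
check_sync_pair 192.168.1.1 "$demo_dir/fwa_sync.conf" \
                192.168.1.2 "$demo_dir/fwb_sync.conf" && echo "sync.conf pair OK"
```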