I want to try and clear this up !
Can 2 SINGLE GATEWAY LICENSE Checkpoint Firewalls perform state sync ?
I was under the impression that the single gateway solution would only
properly license a standalone solution, and that any interoperability with
other firewall products would be disabled.
I'm probably digging myself a deeper hole, but for the sake and pursuit of
trivia, it's well worth it !
Tim
----- Original Message -----
From: Dunn, Daniel, CTR, OSD-ATL <[EMAIL PROTECTED]>
To: 'Tim Holman' <[EMAIL PROTECTED]>; 'Sommariva Graziano'
<[EMAIL PROTECTED]>; 'Seelig, Daniel' <[EMAIL PROTECTED]>;
'Rodrigo Borges' <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: 28 March 2001 12:07
Subject: RE: [FW1] Syncronyzing 2 FW-1 firewals
>
> This is not enitrely correct. You CAN state synchronize without running
the
> HA module. Here is what Check Point sent me:
>
> ------------start------------------
> How to set up synchronization between two FireWalls
>
> Fact: FireWall-1 4.0
> Fact: Sun Solaris Sparc
> Fact: Windows NT Server 4.0
>
>
> Fix: Do the following:
>
> 1. Create a file $FWDIR/conf/sync.conf on both modules. The file should
> contain the name or IP of the peer module
> 2. Run 'fwstop' on both modules
> 3. Run 'fw putkey -n <local module ip address> <remote module ip address>
> on both modules
> 4. Run 'fwstart' on both modules
> -----------end---------------------
>
> One thing that helps is to have the firewall modules connected on a
> separate/private network. I have my two firewall modules and my
management
> module connected over a private (10.x.x.x) network and I also exchage
state
> information over this link.
>
> Cheers,
>
> Dan
>
> --------------------------------------------------------------------------
--
> -
> Daniel R. (Dan) Dunn, EE
> Principal INFOSEC Engineer, GRC Int'l (an AT&T company)
> OSD-ITD Firewall Administrator
> p: 703-614-8086, ext 500
>
> The opinions expressed by the author are entirely his own, and do not
> reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they
> reflect policy, opinion, or endorsement by the US Department of Defense or
> any of its agencies.
>
>
>
> >-----Original Message-----
> >From: Tim Holman [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, March 27, 2001 4:58 PM
> >To: Sommariva Graziano; 'Seelig, Daniel'; 'Rodrigo Borges'
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: [FW1] Syncronyzing 2 FW-1 firewals
> >
> >
> >
> >You need it for Checkpoint HA, which includes state synchronisation.
> >You can setup Nokias or whatever without the HA license, but
> >you won't be
> >able to state sync, so connections will be lost during failover.
> >
> >
> >----- Original Message -----
> >From: Sommariva Graziano <[EMAIL PROTECTED]>
> >To: 'Seelig, Daniel' <[EMAIL PROTECTED]>; 'Rodrigo Borges'
> ><[EMAIL PROTECTED]>
> >Cc: <[EMAIL PROTECTED]>
> >Sent: 26 March 2001 15:25
> >Subject: [FW1] Syncronyzing 2 FW-1 firewals
> >
> >
> >>
> >> Is it mandatory to by HA licence to syncronize to FW-1?
> >>
> >> Bes Regards,
> >>
> >>
> >> Graziano Sommariva
> >> *Phone: +39-010-658.3921.
> >> *E-Mail: [EMAIL PROTECTED]
> >>
> >> Network Manager
> >> TLC - Telecomunicazioni
> >> SSC - Service Unit Servizi Continuativi
> >> Elsag S.p.A.
> >>
> >>
> >>
> >>
> >===============================================================
> >=============
> >====
> >> To unsubscribe from this mailing list, please see the
> >instructions at
> >> http://www.checkpoint.com/services/mailing.html
> >>
> >===============================================================
> >=============
> >====
> >>
> >
> >
> >===============================================================
> >=================
> > To unsubscribe from this mailing list, please see the
> >instructions at
> > http://www.checkpoint.com/services/mailing.html
> >===============================================================
> >=================
> >
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
