Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Fw: Firewall Synch

To: [email protected], [email protected], [email protected]
Subject: RE: [FW1] Fw: Firewall Synch
From: [email protected]
Date: Mon, 8 Jan 2001 08:52:01 -0600
Sender: [email protected]

You have to putkey between the machines to get the sync to work as well as
setting up the sync.conf on the 2 machines.  I've found that the easiest way
to ensure the sync is setup correctly it to make sure to use the actual
addresses that you put in the sync.conf on both machines in the putkey.  For
example (using the sync.conf examples below ):

after setting up the sync.conf on the 2 firewalls ( I also fwstop the
firewalls BEFORE putkeying ):

on machine1:
fw putkey -n 10.0.10.1 10.0.10.2

on machine2:

fw putkey -n 10.0.10.2 10.0.10.1

Of course, the putkey passwords will have to be the same on both machines.
Then fwstart the firewalls and you should see traffic ( a "netstat -an |
grep 25"  should show traffic between the machines on ports 256(?)

-----Original Message-----
From: Mario Kadastik [mailto:[email protected]]
Sent: Wednesday, January 03, 2001 5:14 AM
To: Maureen A. Jacob; [email protected]
Subject: Re: [FW1] Fw: Firewall Synch



Hello Maureen


> What do I need to configure for two firewalls to synchronize their
> state table without stonebeat or any other third-party softwares?

I have gotten only the old version sync to work and that was by creating
on both machines
the file sync.conf in $FWDIR/conf
with these lines:

(machine1 is 10.0.10.1 and machine2 is 10.0.10.2)

on machine1:
--- begin sync.conf ---
SyncMode=TCP sync
10.0.10.2
--- end sync.conf ---

on machine2:
--- begin sync.conf ---
SyncMode=TCP sync
10.0.10.1
--- end sync.conf ---

and after bouncing both firewalls, it should say in both machines
$FWDIR/log/fwd.elg logfiles
that he is connected to sync server on the other end :)

Mario Kadastik
CCSE
Estonian Telecommunications Co Ltd
[email protected]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Problem upgrading Nokia to Ipso 3.3
Next by Date: [FW1] Am I really under attack?
Previous by thread: RE: [FW1] Fw: Firewall Synch
Next by thread: [FW1] SecureCom -PDS 2100
Index(es):
- Date
- Thread