
Re: [FW-1] Firewall Management HA Setup



> What is the problem with running the management module on the same box
> as an enforcement module? Seems like they should be pretty much
> independent to me.

It's the way Checkpoint have implemented Management HA in NG.  It's not a
debatable thing, it's like that and that's the way it is. JFDI.

The logical reason is that if you are in need of Management HA then you
would have your management station on a dedicated box.  The single gateway
system is intended for small businesses and pykies.  If you can justify a
need for MGM-HA, then you should investigate implementing a distributed
installation.

> On Wednesday, November 20, 2002, at 10:55  AM, Yim Lee wrote:
>
>> Matthias,  thanks for your reply.  Forgot to mention
>> that I am still in 4.1.  Can I do this with 4.1?
>>
>> Yim
>> --- Matthias Leu <[email protected]> wrote:
>>> Hi Yim,
>>> first of all you will need a license for this feature. Then, the
>>> Managements have to be installed on separate machines, without Firewall.
>>> Then, it works quite fine.
>>>
>>> The configuration is like
>>> - Install Management on a separate machine selecting "secondary
>>>   management server"
>>> - Copy from $FWDIR/conf/ from primary to secondary management:
>>>    internalCa.p12
>>>    internalCA.NDB*
>>>    internalCA.crl
>>>    ICA.crl
>>> - On the primary Management define the secondary as a Check Point, Host,
>>>   and select as installed product "secondary Management".
>>> - Set up SIC with AuthPasswords
>>> - Install/save the rulebase
>>> - To synchronize select Policy, Management HA, Peer Status
>>>    Then select synchronize
>>> - Define the secondary Management as Master of your Firewalls, too.
>>>
>>> You can synchronize manually or automatically then. And, it doesn't
>>> matter, which Management you use. But, you will need two machines
>>> without Firewall installed - just the Management. If you can't separate,
>>> maybe a backup by script will do also.
>>>
>>> Hope it helps,
>>> best regards,
>>> Matthias
>>> http://www.fw-1.de
>>>
>>> Yim Lee wrote:
>>>> I have a pair of Nokia 530 doing firewall management
>>>> and gateway.  Currently, I have the Nokia in a
>>>> primary/standby mode and sync all the changes from the
>>>> primary to the standby each night.  I would like to
>>>> move both boxes to a VRRP HA pair.  My question is how
>>>> do I get the management stuff sync up between the two
>>>> boxes if both firewalls are up and running?  Anyone is
>>>> doing this?  Your comments are appreciated.
>>>>
>>>> Yim
>>>
>>>
>>> --
>>> AERAsec Network Services and Security GmbH
>>> Wagenberger Strasse 1
>>> D-85662 Hohenbrunn, Germany
>>> http://www.aerasec.de
>>>
>>> =================================================
>>> To set vacation, Out Of Office, or away messages,
>>> send an email to [email protected]
>>> in the BODY of the email add:
>>> set fw-1-mailinglist nomail
>>> =================================================
>>> To unsubscribe from this mailing list,
>>> please see the instructions at
>>> http://www.checkpoint.com/services/mailing.html
>>> =================================================
>>> If you have any questions on how to change your
>>> subscription options, email
>>> [email protected]
>>> =================================================
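
A check for the file-copy step in the quoted procedure, as an added example that is not part of the thread: it builds a SHA-256 manifest of the ICA files on the primary and verifies the copies on the secondary. The function names, the manifest format and the availability of `sha256sum` are assumptions; the file names are the ones listed in the post.

```shell
#!/bin/sh
# Added example, not from the thread. File names are those listed in the post;
# function names and the manifest format are assumptions.
# Usage: ica_manifest "$FWDIR/conf" > ica.manifest     (on the primary)
#        ica_verify   "$FWDIR/conf" ica.manifest       (on the secondary)

# Write "sha256  name" lines for the ICA files found in directory $1.
# Fails if any expected file is absent (an unmatched glob stays literal).
ica_manifest() {
    ( cd "$1" || exit 1
      for n in internalCa.p12 internalCA.NDB* internalCA.crl ICA.crl; do
          [ -f "$n" ] || { echo "MISSING $n" >&2; exit 1; }
          sha256sum "$n"
      done )
}

# Compare the files in directory $1 against manifest $2.
# Prints one line per problem; returns 0 only when every file matches.
ica_verify() {
    dir=$1; manifest=$2; rc=0
    [ -s "$manifest" ] || { echo "EMPTY manifest"; return 1; }
    while read -r want name; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then echo "MISSING $name"; rc=1; continue; fi
        got=$(sha256sum < "$f" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "MISMATCH $name"; rc=1; }
        case $name in
            *.p12)
                # PKCS#12 containers normally carry private keys, so the
                # copy should have no group or other permission bits set.
                perms=$(ls -ld "$f" | cut -c5-10)
                [ "$perms" = "------" ] || { echo "PERMS $name"; rc=1; }
                ;;
        esac
    done < "$manifest"
    return $rc
}
```

Move the manifest to the secondary over a channel separate from the one used for the files themselves, so a corrupted or altered copy cannot also replace the expected hashes.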