|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] [fw1-gurus] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch
Hi, If your internet router is cisco you should manually enter Multicast MAC of VIP of external interface. You can see multicast MAC of VIP using "ifconfig -a" command. Multicast MAC address starts with 1:50:5a:...... On internet router. Router(config)# arp <VIP_of_external_IF> <Multicast_MAC_of_VIP> arpa Also you can enable "Accept Multicast ARP replies" in voyager > ARP -----Original Message----- From: Sandra Iveth Amador Garcia [mailto:[email protected]] Sent: 27 A?ustos 2003 Car?amba 23:11 To: [email protected] Cc: [email protected] Subject: [fw1-gurus] Clustering Nokia IP530s, CheckPoint NG, and Cisco switch Greetings gurus! We are trying to implement one IP cluster but the results has no been complete successfully, here is the enviroment and platform information. Using Catalys 4507R as the Network core Switch Using 1 Hub to connect the sync interfaces 2 Nokia IP530 with IPSO 3.6 FCS7 Checkpoint FP3 HF1 in both firewalls distributed installation, just one smarcenter server. The configuration for IP clustering was made using the ipso3.6_fp3_v2.0 HA.pdf, that is in the digital migrations web site. Status: *Both gateways were synchronizated using NTP (successfully) *IP Clustering using voyager, were obtained one master and one member(successfully) *Check Point Cluster configuration on the smartcenter server, (successfully) *the licenses were re installed on Check Point Cluster using smart update, the the cluster was able to receive policy installation from the smartcenter server, the policy was installed . (successfully) *Check Point Cluster service was verified using "Smart view Status" (successfully) Problem Detected: just the internal and DMZ VRID can be reached trough "ping" but not the external VRID , other problem is that the internal router IP address cannot be reached by the firewall, by the way all the internal clients cannot reach the internet. Questions: 1) What about the physical addresses (MAC) that the Internet Router needs to know the firewall? which IP addres must be registered for each MAC, or separated each one with owns IP and MAC ? or External VRID for both MAC addresses? 2) Any suggestion? We xpect that you can help us. =) --------------------------------------------------------------------- FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus) To unsubscribe, mailto:[email protected] For additional commands, mailto:[email protected] ***************************************************************** Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi ya da kisilere ozeldir. Eger gonderilen mesajin muhatabi degilseniz, icerigini ve varsa ekindeki dosyalari kimseye aktarmayiniz ya da kopyalamayiniz. Boyle bir durumda lutfen gondereni uyarip, mesaji imha ediniz. ** Bu e-posta bilinen zararli icerige karsi kontrol edilmistir ** ***************************************************************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. **This email is scanned for known vandals and malicious content** ***************************************************************** ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
