Frederic,
choose VRRP and _uncheck_ all three checkboxes in there for maximum speed.
That'll work. FW-1 actually doesn't care how you handle failover, "VRRP" just
means in FW-1 terms "it's a Nokia, we sync, there can be virtual IPs, and the
OS handles failover".
If you have an issue with non-sticky connections (although I do not expect
that), you'd check the top checkbox, in a configuration with vips also the
bottom checkbox, but you don't have vips, so top only should suffice. "Hide
outgoing behind cluster IP" isn't needed. Just don't have the top unchecked and
the bottom two checked, that creates issues.
Now, since you don't have actual virtual IPs, set all member IPs to "not
clustered", and leave the cluster's topology as such empty. Add the sync
network, making sure it is unique among all defined clusters in both name and
range, and you should be set.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Frederic
Sent: Tuesday, February 22, 2005 2:16 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] vrrp versus OSPF
Hi,
I'm running a cluster NG AI R55 HFA9 on IPSO 3.7.1 build 13.
The HA functionality is made by four routers running OSPF, and connect the
four of them to the external and internal interface of the two firewalls.
The two firewalls are part of the OPSF area of the four routers.
------ ---------
¦ R1 ¦ ¦ R2 ¦
------- ----------
¦ ¦
¦ ¦
------- synchro ---------
¦Fw1 ¦-----------¦ Fw2 ¦
------- ----------
¦ ¦
¦ ¦
------ ---------
¦ R3 ¦ ¦ R4 ¦
------- ----------
To create my cluster, I have to choose between VRRP, or OPSEC on the HA tab.
I DON'T WANT TO RUN VRRP on my cluster, because the HA functionality is made
by OSPF between the four routers and the CP cluster: So I choosed OPSEC, and
then the cluster is presented in error in SmartView status !
Is there a way to create the cluster with an OSPF as the HA solution :I
don't speak about the OSPF configuration in Voyager to include it in the
OSPF area, but what about the Check Point cluster creation ????
Frank.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
Please note that:
1. This e-mail may constitute privileged information. If you are not the
intended recipient, you have received this confidential email and any
attachments transmitted with it in error and you must not disclose, copy,
circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in
accordance with lawful business practices.
3. The contents of this email are those of the individual and do not
necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are
subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is
sent.
http://www.integralis.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
