The way I understand it is, the directors are in load sharing mode, the
accelerators can only be in HA mode (and I believe you can only have two
of them).
Logs come from both directors, not both accelerators - I understand the
accelerator in terms of a set of 'outboard' NICs. They don't do any of
the firewall processing, they just pass packets back and forth once the
firewall (running on the directors) has told them what to do with each
flow.
The gateways of all hosts should always point to the virtual IP for the
cluster, not to the real IP of any director.
Cheers
Mark
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of john
maverick
Sent: 31 January, 2006 09:27
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Alteon ASF cluster HA paradox
Hi All,
We have a ASF cluster having 2 accelerators and 2 directors in HA
mode...we understand the 2 directors are load balanced by default and
the acc are in HA but
why is it recommended by ASF best practise to have "Load sharing" Opsec
ticked in 3 rd party configuration screen of the alteon cluster even
though its actually HA
why in HA scenario when product logs are seen thru checkpoint smart view
tracker DO LOGS come from both the accelerators??? when there is only
one owner for VIP at a given time
Can Load sharing between accelarators be done and how is it achieved in
alteaon ASF cluster and does that mean there are 2 default gateways
statically configured in all hosts behind the VRRP cluster as seen in
documentation ,which is diff from other firewall Load sharing config
ANy pointers will be greatly appreciated
regards
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
