Re: [FW-1] Alteon ASF cluster HA paradox

Subject:	Re: [FW-1] Alteon ASF cluster HA paradox
From:	john maverick <deepblue25 AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 1 Feb 2006 08:32:27 +0530

Hi,
Thanks for that reply but what does that mean for the acc being in HA when
both are actually passing packets and remember acc were always meant to only
pass and not process....im a bit confused here


regards


On 1/31/06, Mark Senior <Mark.Senior AT gov.ab DOT ca> wrote:
>
> The way I understand it is, the directors are in load sharing mode, the
> accelerators can only be in HA mode (and I believe you can only have two
> of them).
>
> Logs come from both directors, not both accelerators - I understand the
> accelerator in terms of a set of 'outboard' NICs.  They don't do any of
> the firewall processing, they just pass packets back and forth once the
> firewall (running on the directors) has told them what to do with each
> flow.
>
> The gateways of all hosts should always point to the virtual IP for the
> cluster, not to the real IP of any director.
>
> Cheers
> Mark
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of john
> maverick
> Sent: 31 January, 2006 09:27
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Alteon ASF cluster HA paradox
>
> Hi All,
>
> We have a ASF cluster having 2 accelerators and 2  directors in HA
> mode...we understand  the 2 directors are load balanced by default and
> the acc are in HA but
>
> why is it recommended by ASF best practise to have "Load sharing" Opsec
> ticked in 3 rd party configuration screen of the alteon cluster even
> though its actually HA
>
> why in HA scenario when product logs are seen thru checkpoint smart view
> tracker DO LOGS come from both the accelerators??? when there is only
> one owner for VIP at a given time
>
>
> Can Load sharing between accelarators be done and how is it achieved in
> alteaon ASF cluster and does that mean there are 2 default gateways
> statically configured in all hosts behind the VRRP cluster  as seen in
> documentation ,which is diff from other firewall Load sharing config
>
>
>
> ANy pointers will be greatly appreciated
>
> regards
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Alteon ASF cluster HA paradox, john maverick Re: [FW-1] Alteon ASF cluster HA paradox, Mark Senior Re: [FW-1] Alteon ASF cluster HA paradox, john maverick <=

Previous by Date:	Re: [FW-1] SecureClient questions, Robbie Elliott
Next by Date:	[FW-1] export log question, Clive Luk
Previous by Thread:	Re: [FW-1] Alteon ASF cluster HA paradox, Mark Senior
Next by Thread:	[FW-1] Solaris patch 110934 - UnixInstallScript fails with CPshrd-54 permissioning/access errors, Andrew W Barkley
Indexes:	[Date] [Thread] [Top] [All Lists]