Firewall-1

Re: [FW-1] ConnectControl

Subject: Re: [FW-1] ConnectControl
From: Chris McGill <Chris.McGill AT PHOENIX.CO DOT UK>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 18 Jul 2006 17:40:52 +0100
What have you set the logical server type to for HTTP traffic (HTTP or Other)?
HTTP type requires you to set up a static NAT translation for each web server, as
after the initial connection any additional communication is direct from the web
client to the web server, whereas Other uses NAT to mediate all
communication. In terms of your static ARP setups, I assume that the web
servers are located within the DMZ, directly connected to your enforcement
module, then this is not necessary as this information will be automatically
populated when your system ARP broadcasts for the holder of that IP. And if
you are hosting the web servers in another subnet using the Other type logical
server, your MAC addresses are not relevant to your enforcement module. I
think your issue is NAT.

Also, I am not a big fan of ConnectControl as it does not scale or have the
monitoring capabilities I would like; have a look at F5 BigIP, or StoneBeat
FullCluster. However, if you have already paid for a licence, then :(




Hi, I want to configure ConnectControl in SecurePlatform.
So I have a rule: Source: ANY, Destination: LogicalServer (public IP, with
group of two web servers).

The problem is that I don't have to do a static NAT because I have two
web servers; the firewall doesn't have an ARP entry to the web servers.
But if I create an ARP entry it doesn't work... maybe I am doing
something wrong, thanks...

-- 
Saludos,

Alvaro

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================




