[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-1
Subject: Re: [FW-1] Traffic leaving out the cluster...
From: Reinhard.Posmyk () ARXES ! DE
Date: 2003-05-31 19:49:25
[Download RAW message or body]
Hi,
I also used sbfcconfig to setup the cluster. In my case I got the correct
hostname.sbifX files.
I manually added designated-ip for all node interfaces and still have the
problem with the
locally originating traffic.
I'm not sure, if the SB documentation matches the reality. Can someone
clarify?
o In 4.1 I got the sbifX:n interfaces in the fwgui, which I had to edit
manually into sbifX_n.
In NG I don't get any of those. Do I have to expect this?
o Do I have to add these interfaces manually on the nodes or on the
cluster object
or even both?
Reinhard
Alb <albllovet@E-MILIO.COM>
Gesendet von: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
28.05.2003 16:00
Bitte antworten an Mailing list for discussion of Firewall-1
An: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Kopie:
Thema: Re: [FW-1] Traffic leaving out the cluster...
Hi,
I had the same problem... It was because I used command line tool for
configuration, sbfcconfig, that it seems it's been forgotten by
stonesoft, because it makes two things bad: it does not makes
hostname.sbifX files and, the one I think you are suffering, it does not
add designated-ip instances in filter.conf file.
So, try to use web config, or add designated ip manually-...
Regards
Jean-Pierre FORCIOLI wrote:
>Hi,
>
> o I'm using an OPSEC cluster solution (StoneBeat FullCluster) with
> Check Point VPN-1 NG FP3 HF2 HFA310.
>
> o I've defined cluster IP addresses in the topology section of the
> cluster object and not in the topology section of the cluster
> members.
>
> o With this configuration, traffic originating from one node leave
> the cluster with the cluster IP and not the dedicated IP !!! I can
> see a line in the SmartView Tracker indicated me that my node was
> translated by rule 0 !
>
> o If I define cluster IP addresses in the cluster members (I deleted
> the cluster IP addresses from the cluster topology), and now traffic
> is leaving the cluster with the dedicated IP address of the node
> which processed the connection.
>
> o Can someone share his experience regarding this problem ?
>
>Regards.
>
>--
>Jean-Pierre.FORCIOLI@cyber-networks.fr Cyber Networks France
>http://www.freebsd.org http://www.cyber-networks.fr
>PGP Key fingerprint = 9AEA 910F CB46 C39B 89EE EF4C 68AC 2AF1 CF17 3713
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCF173713
>
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic