[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    RE: [Sidewinder] G2 HA - Sendmail and BIND issues
From:       sidewinder () adeptech ! com
Date:       2005-09-30 14:18:58
Message-ID: D5143332F85BD411A15800508BC9834C053055C8 () erdposrv1 ! eh ! pweh ! com
[Download RAW message or body]


Try looking at the /etc/server.conf file and enable the named-standby.  The
default is off. 
enabled[off] is the default change it to enabled[on]

If you are at 6.1.1.02 I've noticed that you have to edit the HA primary
/etc/server.conf and reboot the standby every time you apply a policy update
from the EM.  With 6.1.1.03 patch, I think it's fixed and I don't believe
you need to do this anymore.

This will allow your standby to send out e-mail. I had the same problem and
all is well.

/bluespruce.org



> -----Original Message-----
> From: sidewinder@adeptech.com [mailto:sidewinder@adeptech.com]
> Sent: Friday, September 30, 2005 4:01 AM
> To: sidewinder@adeptech.com
> Subject: [Sidewinder] G2 HA - Sendmail and BIND issues
> 
> 
> Hello!
> 
> What is the recommended configuration for a Sidewinder G2
> that doesn't provide any email services to external or internal
> hosts? I still want the firewall to be able to send firewall
> generated mails like alerts, daily reports and the like off the box.
> 
> What I did was enable Sendmail without any access rules
> and configure the internal mailertable properly. Seems
> to work. Is there a way to get an even smaller setup,
> like in FreeBSD with just a local MSA and a queue runner enabled?
> 
> If not, I'm still happy with the setup I have now - only one
> problem remains: only the active node in a peer-to-peer HA pair
> can send mails. The standby node cannot. I definitely need a
> workaround for this one - we want to mail accounting reports
> from both systems to the responsible persons on a daily basis.
> Since you never can be sure that the current standby node has
> not been active during the last 24 hour period, the standby
> node needs to send mails as well.
> 
> Similar thing: I alway run named-unbound even if the sidewinder
> doesn't provice DNS _service_. Reason: processes running in
> some burb different from internal cannot - by default - contact
> the internal nameserver. Having a cacheing named gives me
> local name resolution for all burbs and reverse mapping for
> 127.0, 127.1, 127.2, ... 
> 
> Again this seems to work only on the active node, not on the 
> standby one.
> 
> TIA,
> 
> Patrick M. Hausen
> Leiter Netzwerke und Sicherheit
> -- 
> punkt.de GmbH         Internet - Dienstleistungen - Beratung
> Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
> 76137 Karlsruhe       http://punkt.de
> 
> _______________________________________________
> Sidewinder mailing list
> Sidewinder@adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
> 
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic