Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Initial Cluster Configuration

from [Sherman, Keith] Network Security [Permanent Link]
Subject: Initial Cluster Configuration
Date: Thu, 16 Sep 2004 11:57:20 -0400 
 I am installing Firewall-1 NG AI R55 on SecurePlatform.  I am trying to
get the cluster configuration to work correctly.  I have 2 firewalls and
a separate SmartCenter server.  Individually the firewalls work fine.
When I try to put them in a active/standby HA configuration, I get SLOW
to NO performance.  I believe it may be a topology issue, and I have
tried giving each firewall it's own individual topology as if they were
separate and adding them to a cluster object which has a separate
topology all it's own for it's VIPs, i.e., no IP address is used twice
in the configuration.  I have also tried giving each firewall module the
same topology that I am using for the cluster object, as CheckPoint's
documentation SEEMS to indicate but is not really clear on.  
 
An interesting thing is that from Internal to DMZ performance is fine,
but going externally I'm getting 75% packet loss.
 
Does anyone know the proper topology for this configuration?
 
 

 
***************************************
Keith Sherman
Senior Network Engineer
Wilmington Finance, Inc.
Phone: 484-685-1332
ksherman@wnfnet.com
***************************************
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: 1 VPN client only through PIX, Wozny, Scott \(US - New York\)
Next by Date:  Re: Enterprise Personal Firewall Solution, ph03n1x
Previous by Thread:  Enterprise Personal Firewall Solution, bsec
Next by Thread:  Re: Initial Cluster Configuration, Rob Hughes
Indexes:  [Date] [Thread] [Top] [All Lists]