Thanks Gary I think i may have not not explained myself correctly
the cluster members are on seperate networks and will have no vrrp on this address, these are the managed ip addresses, however i think i will simply use the other internal addresssing for the cluster members which is on the same network and does have a vrrp address, and have the other two networks for management only for the firewalls, as i think your saying it is right to have the cluster members defined with a vrrp and must be on the same network so my SIC will be made to to these internal addreses of the cluster and, and simply have the two do you see any issues with this, does the management of both firewalls, over ssh and https have to have a vrrp, the firewalls are located in different locations on different networks --- On Mon, 18/10/10, Gary Scott <accesslimi...@yahoo.com> wrote: From: Gary Scott <accesslimi...@yahoo.com> Subject: Re: [FW-1] IP addressing of firewalls and cluster topology To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Date: Monday, 18 October, 2010, 18:09 sets of interfaces participating in vrrp must be on the same network, vrrp can have no hops between these interfaces, ________________________________ From: Peter Addy <wavema...@yahoo.com> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Mon, October 18, 2010 12:49:21 PM Subject: Re: [FW-1] IP addressing of firewalls and cluster topology Hi, Does anyone of any thoughts on this, any help is appreciated Thanks On Sun Oct 17th, 2010 8:25 PM BST Peter Addy wrote: >i was thinking would it be easier to assign the cluster memebers the same >network and this will have a vrrp address, sp change the hostname ip to the >new >addresss, keeping the hostname as it is. >the ip i mentioned will still rbe the management ip's therefoe can simply >manage >the firewalls on those ip's ssh, https etc, so in dns have the hostnames >resolve >to the 172.22.28.29 an 172.21.28.29 > >Hope this makes sense > >--- On Sun, 17/10/10, Peter Addy <wavema...@yahoo.com> wrote: > >From: Peter Addy <wavema...@yahoo.com> >Subject: [FW-1] IP addressing of firewalls and cluster topology >To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM >Date: Sunday, 17 October, 2010, 20:05 > >Hi, > >Does anyone know of any issues where two firewall modules(cluster >members)which >have differnt iP's that are in a Checkpint Nokia VRRP cluster? > >Scenario, one module is assigned for example 172.22.28.29, the other module is >172.21.28.29, these modules are also managed IP's, that is we will conect to >these models on ssh and https etc, and the hostname are those IP's, the >cluster >IP is a 147.x.x.x > >There is no cluster for the modules as they are not on the same network. >The toplogy looks strange in the fact that it does not run contiguous, so >looking at the topo of the checkpoint cluster we have one interface on each >module, no vrrp, same interface though, eth1c0 > >i know there will no vrrp for this and cpha status should be fine as long as >we >have the synch, so active/active should be seen, or will this cause an issue? > >Can anyone see an issue with this config, or should the cluster members have >to >be on the same network? > > >Thanks > > > > > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to lists...@amadeus.us.checkpoint.com >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >fw-1-ow...@ts.checkpoint.com >================================================= > > > > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================