can someone with Provider-1 NGx R65 explain this to me?
scenario:
Provider-1 NGx R65 (Mandger & Container) with HFA_02 on SPLAT.
Backup SmartCenter (SMC) NGx R65 with HFA_02 on SPLAT.
Provider-1 has an IP address of 10.250.97.1/24
Backup SmartCenter (SMC) has an IP address of 10.250.97.10/24
Here is what I did:
a- clean install of P-1 NGx R65,
b- apply hfa-02 on P-1 box,
c- clean install SmartCenter NGx R65,
d- apply hfa-02 on the SmartCenter,
e- create global policies in P-1,
f- create a new CMA with ip address of 10.250.97.23,
g- apply global policy to that CMA,
h- add backup SMC into the CMA and perform SIC,
i- add Nokia Enforcement Modules into the CMA and perform SIC,
j- on the gateway cluster, select both the CMA and SMartCenter
to manage the gateway cluster. Furthermore, both CMA and
SmartCenter is selected as log servers as well,
k- under global properties, select "synchronization" everytime
the policy is saved,
l- create a few rules in the security policy,
m- install the database,
n- install the policy,
At this point, the CMA is listed as "Active" and the SmartCenter
is listed "standby". So far so good.
Next, I simulated a metldown by shutting down the P-1 server
completely with "shutdown". Now, I log into the SmartCenter
and switch it over to "active". I then created a few more rules,
push the policy to the nokia gateway cluster. Again everything
is good. Remember at this point, the P-1 is DOWN.
Next, I bring the P-1 back online. When the P-1 is completely
back online, I see both the CMA and the SmartCenter is shown
as "active". When I do a 'High Availability detailed status',
I see it is listed as "collision". Basically, whatever changes
I made in the SmartCenter is not replicated over the CMA.
Has anyone actually deployed this configuration in a production
environment and it actually works? This seems to me like another
"broken" product from checkpoint in term of High Availability.
This configuration is clearly supported as listed in the
Provider-1 NGx training courseware.
I would like to deploy this configuration in my environment;
however, from what I've seen so far, I am NOT very impressed by it.
---------------------------------
Looking for last minute shopping deals? Find them fast with Yahoo! Search.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
