Why would this sk be obsolete? It details the steps for adding the SCS functionality from distributed to stand alone on the appliance. This goes against what CP has taught and recommended for the last 9 years. In addition to the performance hit you no longer can have your way with the SCS, reboot etc.., without affecting the production FW. I can't tell you how many times I have seen users forget about logging and let their hard drives fill up on an SCS, an SCS needing a reboot to clear its head, or recovery from a bad smartdefense update. IMHO you should always run distributed, but if CP is not going to let you with this appliance license then I guess you have no choice. Seems a bit cheesy on CP's part to allow/require you to do this only on their appliance and not other platforms, not that you would or should do it anyway.
-GS ----- Original Message ---- From: M. N. <[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, October 21, 2008 12:52:48 PM Subject: Re: [FW-1] Cluster on UTM Eugeniu, I imagine you are referring to sk33896. This has become obsolete as Checkpoint is now allowing Management HA on a UTM1 Cluster. Basically, you can run the SmartCenter Server in HA on those two same UTM1 appliances (that are already running in HA themselves). No extra licensing is required (Please correct me if I'm wrong) We've tried it in our lab environments and it appears the management HA is actually very solid. For example, we made some changes on the primary SCS and got disconnected for some reason and when we logged into the secondary unit, the changes had been saved and we were able to pursue. Obviously, this will have an impact in terms of performance on your network, especially if you're at the lower end of the UTM family and you have most of your UTM features enabled. Activating SmartDefence, Anti SPAM, Anti Virus, URL filtering AND have your SCS on the same box on a small UTM 270 (a Celeron machine!) and you'll see that it won't run anywhere near its theoretical data throughput. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Eugeniu Patrascu Sent: October-20-08 7:23 PM To: [email protected] Subject: Re: [FW-1] Cluster on UTM Joe wrote: > I would like to know if is possible to perform a Standalone Deploymenton 2 > UTM devices and use them in a cluster. As the management policy will be > inside the UTM, the management policy must be created in both UTM’s? Or will > be replications between them? There is a document on Secure Knowledge that describes how this works on UTM-1. Long sotry short: one of the boxes will also act as a management server. No management H/A in this case, so no replication. You should be very careful when considering such a design because there is ~ 50% chance that the box that will fail is the one with the management on it. At the begining of the year, there was an option with Check Point that if you had 2 UTM-1 boxes you could talk to your local representative and get you a special management license that would allow you to run the management on a separate server without additional cost (as both UTM-1 boxes contain also a management server license). Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
