i was thinking would it be easier to assign the cluster memebers the same network and this will have a vrrp address, sp change the hostname ip to the new addresss, keeping the hostname as it is. the ip i mentioned will still rbe the management ip's therefoe can simply manage the firewalls on those ip's ssh, https etc, so in dns have the hostnames resolve to the 172.22.28.29 an 172.21.28.29
Hope this makes sense --- On Sun, 17/10/10, Peter Addy <[email protected]> wrote: From: Peter Addy <[email protected]> Subject: [FW-1] IP addressing of firewalls and cluster topology To: [email protected] Date: Sunday, 17 October, 2010, 20:05 Hi, Does anyone know of any issues where two firewall modules(cluster members)which have differnt iP's that are in a Checkpint Nokia VRRP cluster? Scenario, one module is assigned for example 172.22.28.29, the other module is 172.21.28.29, these modules are also managed IP's, that is we will conect to theseĀ models on ssh and https etc, and the hostname are those IP's, the cluster IP is a 147.x.x.x There is no cluster for the modules as they are not on the same network. The toplogy looks strange in the fact that it does not run contiguous, so looking at the topo of the checkpoint cluster we have one interface on each module, no vrrp, same interface though, eth1c0 i know there will no vrrp for this and cpha status should be fine as long as we have the synch, so active/active should be seen, or will this cause an issue? Can anyone see an issue with this config, or should the cluster members have to be on the same network? Thanks ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
