sets of interfaces participating in vrrp must be on the same network, vrrp can have no hops between these interfaces,
________________________________ From: Peter Addy <[email protected]> To: [email protected] Sent: Mon, October 18, 2010 12:49:21 PM Subject: Re: [FW-1] IP addressing of firewalls and cluster topology Hi, Does anyone of any thoughts on this, any help is appreciated Thanks On Sun Oct 17th, 2010 8:25 PM BST Peter Addy wrote: >i was thinking would it be easier to assign the cluster memebers the same >network and this will have a vrrp address, sp change the hostname ip to the >new >addresss, keeping the hostname as it is. >the ip i mentioned will still rbe the management ip's therefoe can simply >manage >the firewalls on those ip's ssh, https etc, so in dns have the hostnames >resolve >to the 172.22.28.29 an 172.21.28.29 > >Hope this makes sense > >--- On Sun, 17/10/10, Peter Addy <[email protected]> wrote: > >From: Peter Addy <[email protected]> >Subject: [FW-1] IP addressing of firewalls and cluster topology >To: [email protected] >Date: Sunday, 17 October, 2010, 20:05 > >Hi, > >Does anyone know of any issues where two firewall modules(cluster >members)which >have differnt iP's that are in a Checkpint Nokia VRRP cluster? > >Scenario, one module is assigned for example 172.22.28.29, the other module is >172.21.28.29, these modules are also managed IP's, that is we will conect to >these models on ssh and https etc, and the hostname are those IP's, the >cluster >IP is a 147.x.x.x > >There is no cluster for the modules as they are not on the same network. >The toplogy looks strange in the fact that it does not run contiguous, so >looking at the topo of the checkpoint cluster we have one interface on each >module, no vrrp, same interface though, eth1c0 > >i know there will no vrrp for this and cpha status should be fine as long as >we >have the synch, so active/active should be seen, or will this cause an issue? > >Can anyone see an issue with this config, or should the cluster members have >to >be on the same network? > > >Thanks > > > > > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= > > > > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
