Steve,

Checkpoint calls this configuration Multiple Entry Point (MEP).



Short answer, assuming the properties and network objects are correctly
configured for MEP:

The SecuRemote Client (SR) has one site set up: the primary fw.

In the user.C that SR downloads from that site, the definition of the
primary fw includes a reference to the backup fw with a label of
":BackupGws".  By default the SR does an RDP check once a minute to make
sure the primary is up. If the primary returns no status, SR routes all
_new_ SecuRemote connections to the backup.

When the primary goes back online, SR gets an RDP status check back and
routes _new_ connections to the primary again.



There are a number of other issues to get the config right (i.e., avoid
asymmetric routing): dual IP Pool NAT, static routing, etc.


Hope this helps

Michael
-----michael cannella    ccsi    mailto:[EMAIL PROTECTED]
-----Internet Security Systems, Secure University
-----http://www.iss.net/


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 9:28 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] SecuRemote Query
> 
> 
> So, we have two separate gateways and a dialup client running
> SecuRemote Build 4153. Firewall-1 is CP2000. The firewalls WILL have
> overlapping encryption domains because they are gateways to the same
> network.
>
> Question: How does SecuRemote deal with this in its userc.C file? Is
> it the case that SecuRemote will try the first site in the file and
> then, on failure, try the second site?
> 
> Answers on a postcard.....
> 
> Steve Pollard
> BT Syncordia
> 
> 
>  
> 
> 

