Thanks for the hint on Multiple Entry Points, but I knew about that already
:)

The problem is a bit more complex than that. The SR users are not dialling
in through the Internet, they are dialling in through a proprietary dialup
network which could route them to one or other of the gateway locations in a
random (load balanced) way. This means that the SR user could end up at
either gateway. If the SR setup says that they have a primary gateway at
10.0.1.1, for example, and they end up at the other on 10.0.2.1 then they
won't get a connection, presumably.

I had thought about giving both firewalls the same IP address since they
don't know about each other. It would then not matter which firewall the SR
user ended up at. BUT......

The SR users are using an X.509 certificate to get authenticated by the
firewall. Can the two firewalls share the same certificate? Do they need to?
Is the firewall certificate information contained in the "site" file that
gets sent to the SR user?

Loads of questions but then this one is really tricky.

Steve Pollard

