Re: [FW1] Clustering and Secure Client

Sat, 15 Sep 2001 02:02:02 -0700 



You will need to convert to using IKE, see phoneboy and your SP2/3/4
release notes for documentation on 'fw internalca' and other configuration
options required.

Chipper

On Thu, 13 Sep 2001, Graff, Tracy wrote:

>
>Hello all,
>
>Last weekend I implemented clustering of our two firewalls for full failover of VPNs, 
>etc.  We are running Nokia firewalls and we had been using VRRP with state 
>synchronization for a while, but wanted VPN failover as well.  Our IKE VPNs to our 
>other sites are working fine.  Our Secure Client connections which use FWZ are no 
>longer working.  The CPVP-VSC-5-V41 license for Secure Client is installed on the 
>primary firewall only.  The Secure Client object on each of the clients points to our 
>management console.  I went back and forth with the vendor as to whether the VSC 
>license should be installed on the management console or the firewall and he finally 
>decided it should be the firewall.
>
>Question:  I don't know exactly how the Secure Client session is established, but if 
>it is trying to talk to the firewall object which no longer has a VPN tab because it 
>is part of the cluster, would this be the root of the problem.
>
>Any ideas/suggestions would be welcome.
>
>Thanks, Tracy
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Tracy Graff
>Unix/Firewall Administrator
>Forum Financial Group
>Two Portland Square
>Portland, ME  04101
>207-822-6515
>
>
>
>================================================================================
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>================================================================================
>

------
                    Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to