Firewall Wizards mailing list archives

Checkpoint Load Balancing


From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Mon, 13 Oct 1997 14:46:10 -0700

I have a problem that must have been solved many times by now, but I can't
find it.  I need to implement load balancing for HTTPS using FireWall-1
from Checkpoint.  The logical server Properties allows HTTP or 'Other', but
HTTP does not allow https - the rules won't compile.  'Other' allows https,
but it does address translation without changing the URL, so when the
client hits the secure server, the authenticity certificate is invalid.
The URL remains as the logical URL of the virtual computer, not the
physical server with a certificate.

Does anyone have a good way to solve this?  I have thought about trying to
force FW-1 to change the URL when it changes the IP address (doubt this is
feasible), or edit the https service so it thinks it is http and vice versa
(this would certainly disrupt any other http server activity), or
installing multiple copies of the same certificate on all computers in the
logical group. I don't have any idea how the certificate would react to
being in more than one place, or being on a computer that does not match
its name; the certificate has been someone else's bailiwick.

I know people must be doing what I need to do, but are any of them using
FireWall-1 and readers of this list?

Thanks,
Neil
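
The name check behind the invalid-certificate symptom described above, as an added example that is not part of the original message: the client compares the certificate's name with the host in the URL it requested, and the address the connection is translated to plays no part. All host names and addresses are constructed, and the function names are hypothetical.

```python
# Added illustration; every host name and address below is constructed.
LOGICAL_HOST = "secure.example.edu"   # name in the URL the client requests
POOL = {                              # physical servers behind the logical server
    "10.0.0.11": "web1.example.edu",
    "10.0.0.12": "web2.example.edu",
}

def name_matches(cert_name, requested_host):
    """Compare one certificate name with the host taken from the URL.
    Case-insensitive; a leading '*' label matches exactly one left-most label."""
    cert_labels = cert_name.lower().split(".")
    host_labels = requested_host.lower().split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels

def client_accepts(requested_host, cert_names):
    """The client validates against the host it asked for, not the
    translated IP address it ends up talking to."""
    return any(name_matches(n, requested_host) for n in cert_names)

def balance(requested_host, certs_by_server):
    """Return {physical_ip: accepted?} for each server translation may pick."""
    return {ip: client_accepts(requested_host, certs_by_server[ip]) for ip in POOL}

# Case 1: each server presents a certificate for its own physical name.
per_server = {ip: [name] for ip, name in POOL.items()}
# Case 2: one certificate issued for the logical name, installed on every server.
shared = {ip: [LOGICAL_HOST] for ip in POOL}

if __name__ == "__main__":
    print("per-server certs:   ", balance(LOGICAL_HOST, per_server))
    print("shared logical cert:", balance(LOGICAL_HOST, shared))
```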


