Firewall Wizards mailing list archives
RE: Sync Firewall Policy (Checkpoint NG FP2)
From: Yinal Ozkan <Yinal.Ozkan () Integralis Com>
Date: Wed, 30 Jul 2003 15:59:22 -0400
Since you are planning to synch firewall rulebase, I assume that you are planning to synch the management server. You cannot sync only rules, you need many other elements (e.g. object repository, certificates). You must have a distributed installation which means that your management server and the firewall modules must be installed on separate boxes.

The best way to accomplish this task is to use the "Management HA" feature of Check Point. The second server must be installed as secondary, if you have the correct licenses the rest is simple. If you are interested in this feature I may post more information. Management HA only works on identical OS and distributed installations.

Alternate setup without Management HA:

Since FW-1 is a certificate authority you should copy certificates, and the certificates are bound to the name of the hosts, so cold stand-by scenarios are not simple "copy files" setups. Both hosts should have the same FQDN (though it doesn't sound logical). In FP3 I would recommend using upgrade export import utilities which work perfectly (you still need to change IPs). In this scenario you may not get logs to the secondary when it is not active.

fyi,
- yinal ozkan

-----Original Message-----
From: Elvie Lee [mailto:elvielee74 () hotmail com]
Sent: Wednesday, July 30, 2003 4:33 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Sync Firewall Policy (Checkpoint NG FP2)

Hi,

I am setting up a new firewall (Checkpoint NG FP2) at another site (not HA). Any idea what is the best way to sync the firewall rulebase between two firewalls located at two different places?

Thanks!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards