RE: [fw-wiz] Sync Firewall Policy (Checkpoint NG FP2)

From: Yinal Ozkan (Yinal.Ozkan_at_Integralis.Com)
Date: 07/30/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 30 Jul 2003 15:59:22 -0400
    
    

    Since you are planning to synch firewall rulebase, I assume that you are
    planning to synch the management server. You cannot sync only rules, you
    need many other elements (e.g. object repository, certificates). You must
    have a distributed installation which means that your management server and
    the firewall modules must be installed on separate boxes.

    The best way to accomplish this task is to use the "Management HA" feature of
    Check Point. The second server must be installed as secondary; if you have
    the correct licenses, the rest is simple. If you are interested in this
    feature, I may post more information. Management HA only works on identical
    OS and distributed installations.

    Alternate setup without Management HA: Since FW-1 is a certificate authority,
    you should copy certificates, and the certificates are bound to the name of
    the hosts, so cold stand-by scenarios are not simple "copy files" setups.
    Both hosts should have the same FQDN (though it doesn't sound logical). In
    FP3 I would recommend using upgrade export import utilities, which work
    perfectly (you still need to change IPs). In this scenario you may not get
    logs to the secondary when it is not active.

    fyi,
    - yinal ozkan

    -----Original Message-----
    From: Elvie Lee [mailto:elvielee74@hotmail.com]
    Sent: Wednesday, July 30, 2003 4:33 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Sync Firewall Policy (Checkpoint NG FP2)

    Hi,

    I am setting up a new firewall (Checkpoint NG FP2) at another site (not HA).

    Any idea what is the best way to sync the firewall rulebase between two
    firewalls located at two different places?

    Thanks!


    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
