Martin Hoz <martinhoz () gmail com> wrote:
On 9/13/06, Steve Willis <stevewillis () optusnet com au> wrote:
We currently run a pair of Nokia ip350's in a HA pair. We have a
address for each of the firewalls plus one for the VIP. We have been
successfully running SecureClient terminating on the VIP address
problems. However we are about to migrate to a new ISP that wants us
allocate private addresses to the firewalls and the VIP and they will
from the newly allocated public address range to us.
I am unable to see how SecureClient will work in this way. Our ISP
that this will work using NAT (they tell me this works on their
managed to track down one document on the net that basically says that
Checkpoint supplied an unsupported workaround, but even this will not
in a HA configuration, and I am certainly not interested in an
option. I have agreed to try and get this working on the proviso that
does not we will get public addressing for the firewalls, but so far I
been unsuccessful. Does anyone know if this is possible, and if so,

If you have a recent version (NGX), you can use the Link Selection
feature (under the
VPN properties on your cluster object), and then say that your cluster
"Statically NATed" behind NAT.
I don't know what unsupported workaround you are talking about, but if
referring to adding a fake external interface, this should work if you
dynamic interface resolving mechanism. :-)
HTH - Good luck!
**** What have you done today to save water?
** My web page: http://gama.fime.uanl.mx/~mhoz/
* "We are a consequence of the past, and the cause of our future."
** My Linux - http://www.slackware.com == My BSD -
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com