The secondary interfaces of all the cluster nodes must belong to the same subnet. This subnet should not carry any other traffic unless you use it to carry firewall synchronization traffic. (See “Configuring NGX for Clustering” for information about selecting the firewall synchronization network.) Secondary interfaces are optional.

6. If you are using multicast with IGMP mode and do not want to use the default IP multicast group address, enter a new address in the range 239.0.0.0 to 239.255.255.255.

7. Click Apply.

Configuring Firewall Monitoring

Use the option Enable VPN-1 NG/FW-1 monitoring? in the firewall table to specify whether IPSO should wait for NGX to start before the system becomes a node of a cluster—even if it is the only node of the cluster. (This is particularly relevant if a cluster node is rebooted while it is in service.) This option also specifies whether IPSO should monitor NGX and remove the node from the cluster if the firewall stops functioning.

To enable firewall monitoring, click Enable next to Enable VPN-1 NG/FW-1 monitoring? in the firewall table.

If NGX is not running at the time you change the cluster state to up, click Disable next to Enable VPN-1 NG/FW-1 monitoring? If NGX is not running and you do not disable firewall monitoring, you cannot initialize the cluster protocol.

Note

Be sure to enable firewall monitoring before you put the cluster into service (assuming that you are using NGX).

Supporting Non-Check Point Gateways and Clients

If your IPSO cluster will create VPN tunnels with non-Check Point gateways or clients, click the option for enabling non-Check Point gateway and client support on the Clustering Setup Configuration page and then perform the following procedure:

1. If you want to support non-Check Point clients, click the option for enabling VPN clients. This is all you have to do.

2. If you want to support non-Check Point gateways, enter the appropriate tunnel and mask information, as explained in “Configuring VPN Tunnels.”

3. If you want to support IP pools, follow the instructions in “Configuring IP pools in Cluster Voyager.”

Nokia Network Voyager for IPSO 4.0 Reference Guide
