Solved

Nokia IP260 High Availablity

Posted on 2007-03-26
2
828 Views
Last Modified: 2013-11-16
I have got the job of setting up two Nokia IP260s in a high availability (either active-passive or active-active), my main experience is with Checkpoint only (on SPLAT/Windows). I have looked through some docs on setting up IPSO for HA but it's not that clear. I want someone with experience of doing this to do write a description of the process of setting this up (the easiest and simplest way possible to achieve HA and get CP up and running). Also:

Am I right in thinking IPSO is solely responsible for the HA? and that the only config CP needs is to allow multicast between the devices?

Whats the process of installing CP on them?

Can the connections between the devices be a crossover cable?  (the sync network)

thanks in advance
0
Comment
Question by:ma77smith
2 Comments
 
LVL 8

Expert Comment

by:charan_jeetsingh
ID: 18813380
Ur second Q first (Am I right in thinking IPSO is solely responsible for the HA? and that the only config CP needs is to allow multicast between the devices? ) : NO, The Chekpoint has to be configured simultaneously for making a complete fully functional Cluster.

Q : Whats the process of installing CP on them? : get the CP_ipso package. Upload it on the flash through nokia voyager and install it from there. :).. also check for the latest hotfixes for that version.

Q : Can the connections between the devices be a crossover cable?  (the sync network)  ---> i will say avoid that. It will work but i dont know the reason why somtimes this way cluster goes out of sync and starts misbehaving.

Regarding your first Q : where are u getting confused? its a bit lengthy and i am very lazy to type so i will focus on where exactly u are getting stuck....
0
 
LVL 4

Accepted Solution

by:
nstand earned 500 total points
ID: 18849885
You have a couple of choices, either setup Clustering using ClusterXL or my recommendation would be to setup simple active-passive failover using VRRP on the Nokia IPSO boxes. This method just requires a standard install of CheckPoint on the IPSO platform (no ClusterXL required). Once you have 2 IP platforms running IPSO then you setup and configure VRRP (monitored circuits rather than VRRPv2). You will need a sync network/cable which you dont include in the VRRP setup. Read the IPSO documentation on VRRP setup, its very good and straight forward.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Watchguard test environment ? 3 76
GPR - Cannot telnet 15 88
Fortigate 5.2.4 FSSO Cannot Authenticate and User Name Not shown in Traffic Log 2 2,340
centos7 firewalld udp ports 33 78
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question