Filter
Top Products
Nokia Network Voyager for IPSO 4.0 Reference Guide 223
The secondary interfaces of all the cluster nodes must belong to the same subnet. This
subnet should not carry any other traffic unless you use it to carry firewall synchronization
traffic. (See “Configuring NGX for Clustering” for information about selecting the firewall
synchronization network.) Secondary interfaces are optional.
6. If you are using multicast with IGMP mode and do not want to use the default IP multicast
group address, enter a new address in the range 239.0.0.0 to 239.255.255.255.
7. Click Apply.
Configuring Firewall Monitoring
Use the option Enable VPN-1 NG/FW-1 monitoring? in the firewall table to specify whether
IPSO should wait for NGX to start before the system becomes a node of a cluster—even if it is
the only node of the cluster. (This is particularly relevant if a cluster node is rebooted while it is
in service.) This option also specifies whether IPSO should monitor NGX and remove the node
from the cluster if the firewall stops functioning.
To enable firewall monitoring, click enable next to Enable VPN-1 NG/FW-1 monitoring? in the
firewall table.
If NGX is not running at the time you change the cluster state to up, click Disable next to Enable
VPN-1 NG/FW-1 monitoring? If NGX is not running and you do not disable firewall
monitoring, you cannot initialize the cluster protocol.
Note
Be sure to enable firewall monitoring before you put the cluster into service (assuming that
you are using NGX).
Supporting Non-Check Point Gateways and Clients
If your IPSO cluster will create VPN tunnels with non-Check Point gateways or clients, Click
the option for enabling non-Check Point gateway and client support on the Clustering Setup
Configuration page and then perform the following procedure:
1. If you want to support non-Check Point clients, click the option for enabling VPN clients.
This is all you have to do.
2. If you want to support non-Check Point gateways, enter the appropriate tunnel and mask
information, as explained in “Configuring VPN Tunnels.”
3. If you want to support IP pools, follow the instructions in “Configuring IP pools in Cluster
Voyager.”