How to connect SmartCenter to Nokia VRRPv2

doccocaubai · #1 (**permalink**) 2008-08-05

Hi, all
Please instruct me how to configure VRRPv2 on IPSO 4.2 and how to connect the smartcenter to VRRPv2. Because VRRPv2 doesn't have the VIP.
thanks all.

mcnallym · #2 (**permalink**) 2008-08-05

You wouldn't connect the SMARTCenter to the vrrp address.

You connect the SMARTCenter to the individual nodes in the vrrp cluster. ie

if .1 is the vrrp address, .2 and .3 are the individual nodes then you connect .2 and .3 as individual gateways establish SIC, attach license etc.

You then define the Check Point Cluster and add the .2 and .3 gateways as members.

If you want to use VRRP then you need to goto Legacy Configuration under VRRP. Simple Mode VRRP is purely for Monitored Circuit.

doccocaubai · #3 (**permalink**) 2008-08-05

Quote:

Originally Posted by mcnallym

You wouldn't connect the SMARTCenter to the vrrp address.

You connect the SMARTCenter to the individual nodes in the vrrp cluster. ie

if .1 is the vrrp address, .2 and .3 are the individual nodes then you connect .2 and .3 as individual gateways establish SIC, attach license etc.

You then define the Check Point Cluster and add the .2 and .3 gateways as members.

If you want to use VRRP then you need to goto Legacy Configuration under VRRP. Simple Mode VRRP is purely for Monitored Circuit.

Thanks mcnallym,
But I need to use the VRRPv2, not VRRP monitored Circuit.
I can connect the SMARTCENTER to the VRRP monitored circuit group because it have the VIP.
But now, i want to use the VRRPv2. What can I do to connect SMARTCENTER to VRRPv2 group? Does I define the IP of the active device as VIP of VRRPv2 group?

doccocaubai · #4 (**permalink**) 2008-08-07

no one can help me?
Help me please

mcnallym · #5 (**permalink**) 2008-08-08

I will say it again!

Check Point SMARTCenter DOES NOT connect to the VRRP address in a VRRP pair.

You should connect the SMARTCenter to the individual nodes in a VRRP pair.

ie connect the two individual nodes to the SMARTCenter as if there is no VRRP.

You then define the Check Point Cluster Object and say that the two nodes are Cluster Members which makes the node objects part of the cluster and they are relocated to be underneath the Cluster Object and the settings are moved to the Cluster Object. The IP address used for the Cluster Object is the VRRP address but the SMARTCenter actually connects to the individual node IP addresses not the VRRP address.

To configure VRRPv2 then you need to use VRRP then goto the Legacy Configuration and manually configure the VRRP. Addressing scheme as already explained. ie x.x.x.1 as the vrrp vip with x.x.x.2 and x.x.x.3 as the individual node ip's.

As a question why cannot you use VRRP monitored Circuit as only the two Nokia's in question will be talking within this VRRP Group.

It's not that no one can help you with this merely that what you are asking to do is incorrect.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode