CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Clustering (Security Gateway HA and ClusterXL)
Cluster multiple IP's Cluster multiple IP's
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-10-10
Junior Member
  
Join Date: 2006-10-10
Posts: 2
Rep Power: 0
MimaMint has an average reputation (10+)
Default Cluster multiple IP's
Hi CheckPoint experts, myself a humble newbe.

I´m trying to set up a cluster with NGX/ClusterXL, Load balancing mode.

Our problem is that we need to cluster a whole IP range - "192.168.0.2-254"
Is this possible with ClusterXL? We can only get a 1 IP cluster up and running.
Or am I missing some fundamental knowledge?!? Have trying with VLAN but without luck.

Anybody have a solution, thanks in advance!
Michael
Reply With Quote
  #2 (permalink)  
Old 2006-10-10
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 853
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: Cluster multiple IP:s
Could you explain this a bit further?

Do you mean that you want to have 253 cluster IPs on one interface of a firewall?

What on earth would you do that for? It would leave only one IP available for a host in that subnet - what would be the point?
Reply With Quote
  #3 (permalink)  
Old 2006-10-10
Junior Member
  
Join Date: 2006-10-10
Posts: 2
Rep Power: 0
MimaMint has an average reputation (10+)
Default Re: Cluster multiple IP:s
Thanks for very fast reply!

Sorry that I didn´t explain it correct, it should be an IP range of external/public IP:s, not an internal range...

And the purpose of it should be to get multiple/diffrent HTTPS/SSL connections to diffrent locations/servers, and as i understand HTTPS/SSL needs a unice IP.

For example. Customer A needs a HTTPS/SSL connection to https://login.customerA.com and customer B need to get to https://login.customerB.com

Our enviroment:
ISP router: "192.168.0.1" - internal IP:s just for exempel...
Our IP range: "192.168.0.2-254"

We need to get diffrent services on diffrent IP:s accessible from Internet, preferable with a Load balanced cluster (NGX ClusterXL).

I guess that I´m missing some basic knowledge, but is this possible or should I us diffrent solution?

Best regards from the newbe.
Reply With Quote
  #4 (permalink)  
Old 2006-10-10
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 853
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: Cluster multiple IP:s
In that case you probably want to do NAT. You don't want to configure a whole lot of cluster IPs. You will only configure one cluster IP, and tell your upstream router to route to the firewall cluster IP for the range of addresses you will be using for NAT.

You can do this with either routing - use something other than your NAT range for the network between the firewall and router - or you can do it with proxy ARP.

Read through this post http://www.cpug.org/forums/showpost....7&postcount=17
for some stuff about routing and NAT.

I think you've got a bit of reading on routing, NAT, and clustering coming up.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 16:20.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0