CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
2. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
3. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Clustering (Security Gateway HA and ClusterXL)
Reload this Page state sync & sic
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-02-21
birmingham birmingham is offline
Junior Member
  
Join Date: 2007-02-20
Posts: 7
Rep Power: 0
birmingham has an average reputation (10+)
Default state sync & sic
Hi

I remember in 4.1 for state sync you used to do put keys between the interfaces.

So, in NG & NGX put keys have been replaced by sic.

If sic failed on the member of a cluster would the state tables continue being kept up to date.

Not sure wether sic only covers management to gateway communication or sync to sync. I guess if it doesnt cover sync to sync what did checkpoint use to replace the putkeys.

Thanks
"Birmingham"
Reply With Quote
  #2 (permalink)  
Old 2007-02-21
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,648
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: state sync & sic
It does cover sync and any other management protocols. All SIC is is TLS/SSL encryption. So if you are failing SIC it tends to mean communication between the hosts isn't working correctly
Reply With Quote
  #3 (permalink)  
Old 2007-02-21
birmingham birmingham is offline
Junior Member
  
Join Date: 2007-02-20
Posts: 7
Rep Power: 0
birmingham has an average reputation (10+)
Default Re: state sync & sic
So are you saying that if sic was reset / or got corrupted on a member of a cluster the state tables would not be able to be kept syncronised between the two members of the cluster....because the other member of the cluster whose sic might be ok would not recognise the other member.

I guess i am saying sic normally sets up a secure channel between management and gateway but does it also allow a secure channel between gateway and gateway for state table sync.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 20:11.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0