Secondary Management Server

[dclegg]

Newbie Question......

I am about to set up a New Management Server on Solaris...running in the UK.....I intend to set up my Secondary server in the USA.

Agreed that these two servers need to stay in sync....etc......


We have a vpn link between these two offices......

However.....if my vpn link goes down ( for whatever reason ) I would loose connection.

How do I set these two management Stations up so that they communicate outside of the VPN ?

[maurox]

Is the secondary management station on the VPN domain of the remote firewall ?

[Lackie]

To sync between the two managment stations, they will both have to have a static nat to an external IP address. These external IP addresses shouldn't be in the encryption domain so they shouldn't go through the tunnel.

If they are and you are using simplifed mode rulebase then you can 'exclude' the port that the management HA uses for it's sync. It uses port 18221. This iwill prevent the firewall from encrypting traffic on this port and send it in the clear. Have to make sure the traffic is going to a public IP address or it won't ever get there.