CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 8 of 8

Thread: Cluster with Solaris 9

  1. #1
    Join Date
    2007-09-20
    Location
    Montevideo
    Posts
    11
    Rep Power
    0

    Default Cluster with Solaris 9

    Dear friends,

    I have been looking for information about setting up a cluster of firewalls running Solaris 9 but I am unable to find enough information.
    Could anyone point me in to the right direction? Is this possible? Does anyone have experience on this matter?

    Thank you very much.
    Pablo Miņo

    Nokia NCSA/NCSP
    Check Point CCSA/CCSE/CCSE+ NGX

  2. #2
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    18

    Default Re: Cluster with Solaris 9

    If you're a CCSE+, then you should be aware of all the online documentation that Check Point themselves provide. RTFM, The install process for Solaris is documented in the manuals, complete with specifications around OS packages.

  3. #3
    Join Date
    2007-09-20
    Location
    Montevideo
    Posts
    11
    Rep Power
    0

    Default Re: Cluster with Solaris 9

    CCSE+ is about SecurePlatform and troubleshooting commands and not about Solaris, you know that. I am not experienced in Solaris. As you can see I am certified in Check Point and Nokia but not Solaris.

    I am aware of the online resources that CheckPoint and SUN Microsystems have but having read the documentation I found it quite vague and not precise at all. I am looking for someone who has successfully set up a VPN-1 cluster with Solaris to save me a few hours of research. That is all.

    If you are not the appropriate person to answer this thread you should not have answered at all. I do not understand why your answer is aggressive if I made just a simple question. If you don't like to share your knowledge it is OK but there is no need to answer using bad manners. Thank you anyway.

    Any one else?
    Pablo Miņo

    Nokia NCSA/NCSP
    Check Point CCSA/CCSE/CCSE+ NGX

  4. #4
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    18

    Default Re: Cluster with Solaris 9

    So what is your specific issue? How to install Solaris?

    As you know, once VPN-1 is installed the base OS is largely irrelevant. Required packages are documented in the release notes and Check Point install guides. ClusterXL is part of the CCSE course, as is OS requirements, including Solaris. The ClusterXL documentation is very good at explaining the architecture and cluster design. Without a specific question, it's almost impossible to provide a specific answer to what you're asking.

  5. #5
    Join Date
    2007-09-20
    Location
    Montevideo
    Posts
    11
    Rep Power
    0

    Default Re: Cluster with Solaris 9

    In NOKIA HA is achieved by VRRP and Load Sharing is achieved by IPSO Clustering, both OS functions. What Check Point does is state synchronization but the clustering is a OS concern.
    What in solaris provides the HA or Load Sharing? Is it possible to have one or the other or just HA?

    In the clusterXL guide explains everything to be done in the Check Point products, but not what is to be done in the Sun boxes before.
    It is clear what is to be installed on Solaris to set up a VPN-1 firewall but not what work is needed before. Is the cluster to be set up before installing checkpoint products as in Nokia? Is the cluster done by the checkpoint or solaris?

    I reviewed the CCSE book and no mention to Solaris there, my book Document# DOC-VPN-02-S-NGX-1.1 and Revision# RSNGX001.1. What version is you book? I have found no document in the Sun website to describe clustering under solaris.

    Thank you very much.
    Pablo Miņo

    Nokia NCSA/NCSP
    Check Point CCSA/CCSE/CCSE+ NGX

  6. #6
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    18

    Default Re: Cluster with Solaris 9

    Clustering is handled by ClusterXL within Check Point. There is no need to set up OS-level Clustering in Solaris. Check Point handles the state sync (as it does in Nokia's solution) and the failover mechanics.

  7. #7
    Join Date
    2007-09-20
    Location
    Montevideo
    Posts
    11
    Rep Power
    0

    Default Re: Cluster with Solaris 9

    Thank you very much for you answer.

    I guess that the Virtual IP, proxy ARP entries for shared IP address will be handled by Cluster XL, am I correct?
    Pablo Miņo

    Nokia NCSA/NCSP
    Check Point CCSA/CCSE/CCSE+ NGX

  8. #8
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    18

    Default Re: Cluster with Solaris 9

    Quote Originally Posted by pablomino View Post
    Thank you very much for you answer.

    I guess that the Virtual IP, proxy ARP entries for shared IP address will be handled by Cluster XL, am I correct?
    Yes. You may need to manually manage some of the proxy arp configuration through local.arp files, but this is a Check Point function. Search this board and SecureKnowledge for some of the potential issues around this.

Similar Threads

  1. No traffic on Cluster Sync interface - Splat 2.6 Cluster XL HA
    By Xoron in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 11
    Last Post: 2009-02-17, 09:05
  2. HA Cluster problem - cluster members can't be active at same time
    By jdickson in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2008-04-30, 11:17
  3. DHCP Relay on a Solaris 10 Cluster XL Setup?
    By GordonCopestake in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 2
    Last Post: 2007-09-17, 03:30
  4. Config HA cluster on solaris 9
    By seanw in forum Sun Solaris
    Replies: 1
    Last Post: 2007-02-21, 13:46
  5. Replies: 5
    Last Post: 2006-08-19, 04:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •