Friday, February 4, 2011

How to SYNC on Solaris 2.6/cluster patches and FW1-v3.0b 3064 patch

I want to pass on some info about SYNC on Solaris 2.6/cluster patches
and FW1-v3.0b 3064 patch. This is undocumented but a must!

This seems to be crucial on systems where the control module and pfm
are not on the same system...

Our config has three systems. Non-vpn and no NAT just packet
filtering...

control
pfm
pfm

Creating /etc/fw/sync.conf and putkey on the pfm modules is not enough!

Modify the table.def file shown below and comment out the "#define sync"
line.
Then recompile and download your rule sets to the pfm modules...

This seems to be crucial on systems where the control module and pfm
are not on the same system...so if you have two systems

control/pfm
pfm

you will need to do this table.def mod...

$ more /etc/fw/lib/table.def
#ifndef __table_def__
#define __table_def__

//
// (c) Copyright 1993-1997 Check Point Software Technologies Ltd.
// All rights reserved.
//
// This is proprietary information of Check Point Software Technologies
// Ltd., which is provided for informational purposes only and for use
// solely in conjunction with the authorized use of Check Point Software
// Technologies Ltd. products. The viewing and use of this information is
// subject, to the extent appropriate, to the terms and conditions of the
// license agreement that authorizes the use of the relevant product.
//
//
// $Header: /fw/cvs/fw-1/fwlib/table.def,v 1.42.2.20 1998/01/01 08:09:47 ofer Exp $
//

// The following #define should be removed to enable FW-1 synchronization
//#define sync
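
The table.def change described above can be checked and applied with a small script. This is an added example, not part of the original post or of the FireWall-1 distribution; the function names and the sample file written by make_sample are constructed for illustration, and the recompile/download step from the post still has to be done afterwards.

```shell
#!/bin/sh
# Added example: check and fix the "#define sync" switch in a FireWall-1 table.def.
# Per the comment in the file itself, an active "#define sync" means state
# synchronization is NOT enabled; the line must be removed or commented out.

# Regex for an active (uncommented) "#define sync" line.
SYNC_RE='^[[:space:]]*#[[:space:]]*define[[:space:]]+sync([[:space:]]|$)'

# sync_define_active FILE -> exit 0 if an active "#define sync" is present.
sync_define_active() {
    grep -Eq "$SYNC_RE" "$1"
}

# enable_sync FILE -> comment out the define, keeping a backup as FILE.orig.
# Idempotent: does nothing if the define is already commented out or absent.
enable_sync() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    if ! sync_define_active "$f"; then
        echo "$f: no active #define sync, nothing to do"
        return 0
    fi
    cp -p "$f" "$f.orig" || return 2
    sed -e 's|^\([[:space:]]*\)\(#[[:space:]]*define[[:space:]][[:space:]]*sync\)$|\1//\2|' \
        -e 's|^\([[:space:]]*\)\(#[[:space:]]*define[[:space:]][[:space:]]*sync[[:space:]].*\)$|\1//\2|' \
        "$f.orig" > "$f" || return 2
    echo "$f: commented out #define sync (backup in $f.orig)"
}

# make_sample FILE -> constructed stand-in for a stock table.def.
# The sync_like_name line is hypothetical, included to show it is not touched.
make_sample() {
    cat > "$1" <<'EOF'
#ifndef __table_def__
#define __table_def__
// The following #define should be removed to enable FW-1 synchronization
#define sync
#define sync_like_name 1
#endif
EOF
}

# Usage on the control module: enable_sync /etc/fw/lib/table.def
```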
