[FW1] Stonebeat and FW policy sync
I'm trying to get a Stonebeat 3.1 (on NT v4 sp5, FW-1 v4.1) HA setup
designed, and I've run into a little snag...

The two firewalls will be VIGs and not VPN-1 modules with a separate
mgmt module. So I haven't found a way to use a separate mgmt module with
VIGs and as a consequence, there's no simple way to maintain
synchronized policies on the two machines. If anybody has a solution to
these two issues, please interject.

So, my solution is to ftp the relevant config files from the primary to
the secondary with at on a very regular interval. There are two main
questions:

1. I'll tunnel the ftp so it's secured, but does anybody know of a good,
lean ftp server for NT that supports an encrypted password file, and
host-based restrictions? I can't run ftp that authenticates on the NT
password, and I won't put a cleartext password file on disk.

2. How could I detect when a policy is installed so that I can
automagically update the files when that happens?

--
Earl Robinson
Network Security Analyst
SeNet International Corp
earl_robinson@senet-int.com
===============================================================
In God we Trust -- all others must submit an X.509 certificate.