Switching to broadcast mode : cphaconf set_ccp broadcast
Switching to multicast mode : cphaconf set_ccp multicast
Default settings in $FWDIR/boot/ha_boot.conf are
ha_installed 1
ccp_mode broadcast
When using ClusterXL udp port 8116 is sent on all the interfaces of the gateway cluster members (except those define in $FWDIR/conf/discntd.if). UDP port 8116 is necessary for cluster health check. Checkpoint High-Availability is located between vpn-1/firewall-1 kernel and the network cards. This is the reason why security policy cant block synchronization data. So we dont need to create explicite rule in the dashboard for it. This is also the reason CCP packets should be captured via tcpdump.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.