Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
olgrech
Explorer

Dynamic groups in crypt.def file for "NON_VPN_TRAFFIC_RULES"

Jump to solution

sk113112 shows an example for gateways. What is the correct method for the gateway members in a cluster?

all@cluster1

all@{member1a,member1b}

IP addresses for external interfaces need to be excluded from VPN so Remote Access clients can connect. I'd prefer to add on multiple clusters, each with their unique addresses.

 

Thanks,

Greg

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

After years of CP clustering, GW4a and GW4b naturally represent two cluster nodes to me - but it is not explained in sk113112. But e.g., in ClusterXL R80.40 Administration Guide p.48, Example ClusterXL Topology Example Diagram has in Description:

Security Gateway - Cluster Member A

Security Gateway - Cluster Member B

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

You have to list the individual members, I believe, so your second example.

0 Kudos
G_W_Albrecht
Legend
Legend

The sk113112 already gives a good example for the cluster nodes of gw4 in line 3:

all@{gw4a,gw4b} vpn_exclude={192.168.4.1,192.168.4.255};

0 Kudos
olgrech
Explorer

That's what I was thinking, but didn't want to assume. There's no mention of cluster. I'll give that a shot.

Thanks!

 

0 Kudos
G_W_Albrecht
Legend
Legend

After years of CP clustering, GW4a and GW4b naturally represent two cluster nodes to me - but it is not explained in sk113112. But e.g., in ClusterXL R80.40 Administration Guide p.48, Example ClusterXL Topology Example Diagram has in Description:

Security Gateway - Cluster Member A

Security Gateway - Cluster Member B

View solution in original post

0 Kudos