- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
With ClusterXL HA (active/standby) RE: office mode network for SSLVPN (network extender mode) - Is it recommended to define one OM network for each member in the cluster (a seperate network for each member)? Or is it recommended/required to have one office mode network defined (the same one) and configured one each member? My guess is with HA, they'll be using one gw or the other so it's preferred to define the same network.
Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?
You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go
Per case 6-0001647364
Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?
You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go
Office Mode addresses can be allocated from an IP pool or by a DHCP server. If addresses are allocated from an IP pool, a separate IP pool must be defined for every cluster member. This prevents the allocation of the same IP address to different clients simultaneously.
I assume I route these to my INT-VIP IP, not the respective gws.
Per case 6-0001647364
If you are assigning Office Mode IPs from the Pool, it makes sense to split it in two and serve half from each cluster member in HA configuration.
The reason for this is that if one of the unit has leased the IP to the client and then the failover has occurred, no duplicate IPs will be leased.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY