PabloOttawa
Explorer

Load balancing - ConnectControl not NATing

Hello all,

I am trying to configure load balancing with my Checkpoint firewalls - two 5200 series firewalls configured in High Availability mode. I have followed to the letter the instructions in https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide...

I have two HTTPS servers on addresses 192.168.103.91 and 192.168.103.92; I created a virtual IP of 192.168.102.20 (different subnet) for them. I also added the VIP to the ARP proxy on both appliances.

When I try to ping 192.168.102.20 (the VIP) from a workstation, the ping is successful; however, the reply comes from the actual server address, not from the VIP.

And when I try to access the VIP using HTTPS, it simply does not work. I sniffed the packets and I can see an HTTP response from the actual server address (not from the VIP), which is not accepted by the target machine since it is not expecting the response from that address.

In my mind, the response should be coming from the VIP, and everything should be NATed back and forth to the server addresses (as opposed to a simple redirection).

What am I doing wrong? Please advise, thanks!

Pablo

1 Reply
PhoneBoy
Admin

What version/JHF level?
Can you provide a screenshot of your Logical Server object configuration?

Note that Logical Server objects do NOT support ping.