Controlling connections configured with ISP Redundancy in Load Shari...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit...

Controlling connections configured with ISP Redundancy in Load Sharing mode

Solution ID: sk42636
Product: Security Gateway, ClusterXL
Version: All
Platform / Model: All
Date Created: 24-Aug-2009
Last Modified: 10-Jul-2013

SYMPTOMS
When the Security Gateway is configured with ISP Redundancy in Load Sharing mode, connections from the same source pass through only one of the ISP channels, instead of being distributed over both ISP channels by the Round-Robin mechanism.

CAUSE

This behavior is the default design of ISP Redundancy in Load Sharing mode.

SOLUTION

Background:
By default, in ISP Redundancy in Load Sharing mode, connections from the same "Client" located behind the Gateway/Cluster are sent out of the Gateway/Cluster over the same ISP channel every time. This is a sort of "Client Stickiness" mode. This mode was chosen as the default because it is the best way to distribute connections between two ISP channels without losing communications that use dynamic ports or port redirection (e.g., FTP, VoIP, etc.).

These are the relevant attributes of the Gateway / Cluster object in the database, which can be changed via GuiDbEdit Tool:

- misp_cache_use_cln - when enabled, controls "Client" stickiness (default value: "true")
- misp_cache_use_srv - when enabled, controls "Server" stickiness (default value: "false")

Procedure:
- Close all SmartConsole windows (SmartDashboard, SmartView Tracker, etc.).
- Connect to Security Management Server with GuiDbEdit Tool.
- In the upper left pane, go to 'Table' > 'Network Objects' > 'network_objects'.
- In the upper right pane, select the relevant Gateway object (in the Class Name column it appears as 'gateway_ckp') or the relevant Cluster object (in the Class Name column it appears as 'gateway_cluster').
- In the lower pane, in the Field Name column, find firewall_settings, then scroll down to the misp_cache_use_cln and misp_cache_use_srv parameters.
- Right-click on the parameter and choose 'Edit...'.
- Change the Value of the parameter and click 'OK'.

Since there are 2 parameters and each parameter has 2 possible values, there are 4 possible configurations:

1. (misp_cache_use_cln = true) and (misp_cache_use_srv = false) - all connections from the same "Client" will be sent out over the same ISP channel (each Source IP address is cached independently from other Source IP addresses).

2. (misp_cache_use_cln = false) and (misp_cache_use_srv = true) - all connections to the same "Server" will be sent out over the same ISP channel - not recommended (each Destination IP address is cached independently from other Destination IP addresses).

3. (misp_cache_use_cln = true) and (misp_cache_use_srv = true) - all connections from the same "Client" to the same "Server" will be sent out over the same ISP channel (each pair of Source and Destination IP addresses is cached independently from other Source and Destination IP addresses).

4. (misp_cache_use_cln = false) and (misp_cache_use_srv = false) - all connections will be sent out randomly over both ISP channels - not recommended.

- Go to the 'File' menu and click on 'Save All'.
- Close GuiDbEdit Tool.
- Connect to Security Management Server with SmartDashboard.
- Install the policy onto the Gateway / Cluster object.
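The four configurations above can be compared with a small model. This is an added example, not Check Point code: it assumes that an uncached flow takes the next ISP link in strict alternation (which also stands in for the random choice in configuration 4 so the output is reproducible), and the addresses and link names are constructed.

```python
from itertools import cycle

ISP_LINKS = ("ISP-1", "ISP-2")          # constructed link names

# Constructed (client, server) pairs; the first two model an FTP control
# connection and its dynamic-port data connection between the same hosts.
CONNS = [
    ("10.0.0.5", "203.0.113.10"),
    ("10.0.0.5", "203.0.113.10"),
    ("10.0.0.5", "198.51.100.7"),
    ("10.0.0.6", "198.51.100.7"),
    ("10.0.0.6", "203.0.113.10"),
]


def assign(use_cln, use_srv, conns=CONNS):
    """Return the link chosen for each connection, in order.

    use_cln / use_srv mirror misp_cache_use_cln / misp_cache_use_srv.
    Assumption: an uncached flow takes the next link in strict alternation.
    """
    next_link = cycle(ISP_LINKS)
    cache = {}
    chosen = []
    for src, dst in conns:
        # Build the cache key from whichever addresses are "sticky".
        key = (src if use_cln else None, dst if use_srv else None)
        if key == (None, None):
            # Configuration 4: nothing is cached, so every connection
            # is placed on its own.
            chosen.append(next(next_link))
            continue
        if key not in cache:
            cache[key] = next(next_link)
        chosen.append(cache[key])
    return chosen


def split_pairs(use_cln, use_srv, conns=CONNS):
    """Client/server pairs whose connections ended up on more than one link."""
    seen = {}
    for pair, link in zip(conns, assign(use_cln, use_srv, conns)):
        seen.setdefault(pair, set()).add(link)
    return sorted(pair for pair, links in seen.items() if len(links) > 1)


if __name__ == "__main__":
    for cln, srv in [(True, False), (False, True), (True, True), (False, False)]:
        print(f"cln={cln!s:5} srv={srv!s:5}", assign(cln, srv), split_pairs(cln, srv))
```

Only the configuration with both parameters set to false places the two connections between 10.0.0.5 and 203.0.113.10 on different links, which is the situation that breaks protocols with dynamic ports.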

Related Solutions:

- sk23630 (Advanced configuration options for ISP redundancy)
- sk25152 (Static (Hide) NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode)

2013 Check Point Software Technologies Ltd. All rights reserved. Check Point Software Technologies, Inc. is a wholly owned subsidiary of Check Point Software Technologies Ltd.
