Re: Mixing SecurePlatforms and ClusterXL

Email lists > CheckPoint Firewall-1 discussion

Thread: Re: Mixing SecurePlatforms and ClusterXL

Search this list only Search all lists
Re: Mixing SecurePlatforms and ClusterXL
	2008-05-16 21:40:41
some older hardware can not work with SPLAT 2.6 kernel. It only works with 2.4 kernel. For example, Dell PowerEdge 2450 and 2550 only works with SPLAT 2.4 kernel. It refuses to install splat 2.6 kernel. Newer hardware only works with 2.6 kernel. For example, Sun X4200-M2 and Dell 2950-III only works with SPLAT 2.6 kernel. Sergio Alvarez <seralvarGMAIL.COM> wrote: Check Point has always said having exactly the same platform on both systems of a cluster is a MUST, therefore even when I have no documentation or first hand experience with something like you are planning, I wouldn't risk it. Also is possible that if you ask Check Point support about this, they will come up with the requirement mentioned above and will tell you it is not officially supported, which is reason enough for me to never put something like that in production. Now, given the fact one of the systems forcibly requires kernel 2.6, why not just reinstall the 2.4 machine with 2.6 and that way you have them both on the exact same platform and avoid taking risks. I know its your production firewall module, but you could replace it with the lab machine (already with 2.6 kernel) while reinstalling it with SPLAT 2.6 and the downtime should be very short. Again, this is just my personal opinion without having experience mixing 2.6 and 2.4 kernels on a cluster and thinking on the best way to avoid issues or conflicts. Regards On Fri, May 16, 2008 at 3:23 PM, Crist Clark wrote: > We are looking at taking an existing single-string firewall, > and making it a cluster with ClusterXL. The existing firewall > is running good ol' SecurePlatform R65 HFA_02. We have on hand > a machine that is currently used in the lab to test network > changes before they go operational. However, the test machine > is not supported by the old 2.4 kernel SPlat. It's running > the "new" 2.6 kernel SPlat. > > Now, both machines are the same arch (AMD Opteron CPUs) and > are both running R65 HFA_02. I'm about, oh, 90% sure that > running them together as a cluster would be OK, but it'd be > great if someone could verify that they'd play well together > in a cluster, that mixing the 2.4 kernel and 2.6 kernel SPlats > in ClusterXL is not a Bad Thing. > > A co-worker brought up a really good point too. If the next HFA > for the 2.4 kernel comes out a few days before/after the 2.6 > version does, not a big deal. But are there some other issues > with future support that I'm not considering? > > For details the 2.4 kernel is a Sun Fire X2200 M2 and the 2.6 > kernel is a Sun Fire X4100 M2. The sad story is we originally > bought the X4100 M2 for the operational firewall only to learn > that the X4100, which Sun doesn't sell anymore, is supported > by the 2.4 SPlat, but not the X4100 M2. So we got a X2200 M2. > But then just weeks after the X2200 M2 went operational, Check > Point came out with the 2.6 kernel SPlat that supports the > X4100 M2. It'd be nice to use the X4100 M2 system, which was > a sweet but $$$ lab machine, for what we originally purchased > it for, an operational firewall. > > B¼information contained in this e-mail message is confidential, intended > only for the use of the individual or entity named above. If the reader > of this e-mail is not the intended recipient, or the employee or agent > responsible to deliver it to the intended recipient, you are hereby > notified that any review, dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this e-mail > in error, please contact postmasterglobalstar.com > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to LISTSERVamadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http: //www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ownerts.checkpoint.com > ================================================= > -- Sergio Alvarez (506)8301342 Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com =================================================

Re: Mixing SecurePlatforms and ClusterXL
	2008-05-16 22:32:44
"some older hardware can not work with SPLAT 2.6 kernel".... Well, I had not realized that... good point. Although checking the Hardware Compatibility List, I see the Sun Fire X2200 M2, which our friend Crist currently has in production running kernel 2.4, also supports kernel 2.6, so I guess that means my suggestions are still valid. I hope they will be useful as well. Regards On Fri, May 16, 2008 at 8:40 PM, cisco4ng <cisco4ngyahoo.com> wrote: > some older hardware can not work with SPLAT 2.6 kernel. It only works > with 2.4 kernel. For example, Dell PowerEdge 2450 and 2550 only works > with SPLAT 2.4 kernel. It refuses to install splat 2.6 kernel. > > Newer hardware only works with 2.6 kernel. For example, Sun X4200-M2 and > Dell 2950-III only works with SPLAT 2.6 kernel. > > Sergio Alvarez <seralvarGMAIL.COM> wrote: > Check Point has always said having exactly the same platform on both > systems > of a cluster is a MUST, therefore even when I have no documentation or > first > hand experience with something like you are planning, I wouldn't risk it. > > Also is possible that if you ask Check Point support about this, they will > come up with the requirement mentioned above and will tell you it is not > officially supported, which is reason enough for me to never put something > like that in production. > > Now, given the fact one of the systems forcibly requires kernel 2.6, why > not > just reinstall the 2.4 machine with 2.6 and that way you have them both on > the exact same platform and avoid taking risks. I know its your production > firewall module, but you could replace it with the lab machine (already > with > 2.6 kernel) while reinstalling it with SPLAT 2.6 and the downtime should be > very short. > > Again, this is just my personal opinion without having experience mixing > 2.6 > and 2.4 kernels on a cluster and thinking on the best way to avoid issues > or > conflicts. > > Regards > > On Fri, May 16, 2008 at 3:23 PM, Crist Clark > wrote: > > > We are looking at taking an existing single-string firewall, > > and making it a cluster with ClusterXL. The existing firewall > > is running good ol' SecurePlatform R65 HFA_02. We have on hand > > a machine that is currently used in the lab to test network > > changes before they go operational. However, the test machine > > is not supported by the old 2.4 kernel SPlat. It's running > > the "new" 2.6 kernel SPlat. > > > > Now, both machines are the same arch (AMD Opteron CPUs) and > > are both running R65 HFA_02. I'm about, oh, 90% sure that > > running them together as a cluster would be OK, but it'd be > > great if someone could verify that they'd play well together > > in a cluster, that mixing the 2.4 kernel and 2.6 kernel SPlats > > in ClusterXL is not a Bad Thing. > > > > A co-worker brought up a really good point too. If the next HFA > > for the 2.4 kernel comes out a few days before/after the 2.6 > > version does, not a big deal. But are there some other issues > > with future support that I'm not considering? > > > > For details the 2.4 kernel is a Sun Fire X2200 M2 and the 2.6 > > kernel is a Sun Fire X4100 M2. The sad story is we originally > > bought the X4100 M2 for the operational firewall only to learn > > that the X4100, which Sun doesn't sell anymore, is supported > > by the 2.4 SPlat, but not the X4100 M2. So we got a X2200 M2. > > But then just weeks after the X2200 M2 went operational, Check > > Point came out with the 2.6 kernel SPlat that supports the > > X4100 M2. It'd be nice to use the X4100 M2 system, which was > > a sweet but $$$ lab machine, for what we originally purchased > > it for, an operational firewall. > > > > B¼information contained in this e-mail message is confidential, intended > > only for the use of the individual or entity named above. If the reader > > of this e-mail is not the intended recipient, or the employee or agent > > responsible to deliver it to the intended recipient, you are hereby > > notified that any review, dissemination, distribution or copying of this > > communication is strictly prohibited. If you have received this e-mail > > in error, please contact postmasterglobalstar.com > > > > Scanned by Check Point Total Security Gateway. > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to LISTSERVamadeus.us.checkpoint.com > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http: //www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > fw-1-ownerts.checkpoint.com > > ================================================= > > > > > > -- > Sergio Alvarez > (506)8301342 > > > > Scanned by Check Point Total Security Gateway. > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to LISTSERVamadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http: //www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ownerts.checkpoint.com > ================================================= > > > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to LISTSERVamadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http: //www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ownerts.checkpoint.com > ================================================= > -- Sergio Alvarez (506)8301342 Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com =================================================

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists

ARCHIVES