
Re: [FW1] GateD for OSPF on FW-1



Okay, for those interested, I have posted a sanitized sample OSPF
diagram and the corresponding gated.conf files at
http://www.securitystats.com/network/ .  

Please note that the design is NOT the one used at securitystats.com,
I've just put it there as it's convenient.  Also note that this
particular design is not incredibly efficient (only provides fail-over,
not LB), and has a few interesting IP addressing issues (DMZ is public,
all other segments are private, although this could easily be changed). 
The design itself has lots of room for improvement, as we had to throw
something together very quickly, and have since switched gears to a
different solution using Foundry ServerIrons to do the HA (and even
another design is in the works using Nokia/VRRP/Foundry).  But, as is,
I've seen it work well supporting a 12MB internet pipe, 120+ Extranet
partners, about 50 DMZ web servers, and  about 10,000 internal users
going through it. 

The basic cost structure forces traffic as follows:

-internal-net to Internet traffic via top firewall
-internal-net to DMZ or Extranet via bottom firewall
-Internet to DMZ via top firewall
-DMZ to Internet via top firewall
-DMZ to internal-net via bottom firewall
-Extranet to DMZ or internal-net via bottom firewall
-Internet to internal-net is NOT allowed

If one FW fails, the other picks up for it within 2 seconds, and state
is synced every 100ms.

Questions about this specific design can be sent directly to me.  

Jason

[email protected] wrote:
> 
> ;-) Hi
>          you wrote: I can post a sample config and sanitized network doc of mine if it would help more.
>       I am very interested in your document; can you also post it to me?
>                      kind regards
>                       K@rel


   All contents © 2003 Network Presence, LLC. All rights reserved.