[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Load Balancing Agent
>3. Is there ANY way to get Rainwall to work with a Nokia IPSO 3.2.1 box? You could reformat the HD and install Linux, but then it wouldn't be an IPSO box anymore. ;-) That's the unfortunate downside of a proprietary platform like Nokia's. >2. Lets say there is a farm of 3 Firewalls. Does Rainfront allow for >1 gateway for all of the internal machines to see, or is there a >gateway for each firewall? Yes. You can configure RainWall so that the cluster has a single virtual IP address (VIP) per subnet, so all your internal clients point to the one default gateway. >1. Does Rainwall Load-Ballance VPNs connections including SecuRemote? >If so how does that work? Would a remote site connecting to a >Load-Ballanced VPN connect to 1 IP address? In other words, in >the Network objects, could I just set up firewall object that points >to a single IP address created by Rainwall for load ballanced VPNs? >If so how would I set up the interfaces? Yes. In the case of SecuRemote, the remote client does not connect directly to a VIP. It still connects to the management server, which should be located on a separate machine behind the firewall cluster. The external VIP of the firewall cluster becomes the default gateway for the remote client, but not the end-point of the VPN tunnel. When defining the gateway cluster, its IP address would be the external RainWall VIP. Gateway-to-gateway VPN (between two FW-1 servers) is handled a bit differently than SecuRemote. Since these tunnels are permanently defined in advance by the administrator, RainWall does more of a static load-sharing than a dynamic load- balancing. In other words, when you set up each tunnel in VPN-1, you will also identify the tunnel in a RainWall config file, and tell RainWall which machine should handle that tunnel. The tunnel will only move to another machine in the event of a fail-over. If you do intend to use RainWall for gateway-to-gateway VPN load sharing, be sure you are using version 1.5.1 of the RainWall software. Hope this helps. I suggest you download an evaluation copy of the 1.5.1 software from our website and read the included User Guide chapter on VPN configuration for more details. Currently, you can download 1.5.1 for NT or Linux. If you want 1.5.1 for Solaris, send an email to [email protected] instead. Mark ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|