RE: [FW1] Rainwall
[snip]
>From: Michael Liberte
>
>Rainwall, even the latest version, isn't very good in
>load balancing VPNs. It does load balancing for SR,
>however, it can do only load SHARING for site-to-site VPNs.
[snip]

Michael raises an important point: To my knowledge, there are no solutions currently available that will do true, dynamic load balancing of individual connections INSIDE a Check Point VPN tunnel. Even with the latest improvements for VPN in version 1.5.1, RainWall can't do that because it doesn't actually terminate the tunnel itself, and therefore has no visibility to identify one TCP connection from another when all the connections are bundled into one encrypted stream.

The best any VPN-1 load balancing solution can do is distribute load on a per-tunnel basis, which is what RainWall does. Given the limitations imposed by being external to the encryption process, I'd say RainWall balances VPN-1 traffic better than any other OPSEC-certified product on the market. Even static load sharing can be a big improvement over no LB at all if your VPN gateway has become a bottleneck.

If anyone is interested, write me offline and I will send you a white paper on scaling FW-1/VPN-1 capacity.

Hope this helps,

Mark L. Decker
Rainfinity
[email protected]
www.rainfinity.com