[FW1] Re:
As far as routing is concerned, it doesn't matter which router forwards the packets from the Internet to your external network segment (aka, virtual cluster IP). Also, when packets are leaving your internal network, one of your firewalls will forward the packets to the Internet transparently. Packets could be forwarded by FW1 or FW2, each one would have its route and things will work fine.

The problem will arise when one of your routers (link to your ISP) fails. The firewall affected would have to be sent offline so that it stops forwarding packets to its default gateway. In order to achieve the offline action you will have to configure tests.

My suggestion is that you configure tests to ping some site on the Internet so that each firewall notices when its path to the Internet has been lost. You must configure the test to ping an external site so that you can detect failures. If you ping your router you could get a reply from it, but this doesn't assure you that the link to your ISP is up. Of course it has to be a trusted site, and the practice will add extra traffic to your link.

If you fail to do this, things will get a little messy.

My two cents.

>
> I've this:
>
>   routerA          routerB
>      |                |
>   -----------------------------
>      |                |
>     FW1              FW2
>
> The FWs are running Solaris 2.6, Firewall-1 4.1 and Stonebeat FullCluster.
> The routers are 3640.
> I want to configure the defaultrouter for:
> FW1 ---> routerA
> FW2 ---> routerB
> Is there any problem with this configuration?
>
> Thanks in advance
> Paco Navarro
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Héctor Gerardo Garza Tapia
Information Security Consultant
CITI
Sendero Sur 285 A Col.Contry
Monterrey, NL 64860 Mexico
Tel. +52(8) 357-2267 x146
Fax +52(8) 357-8047
Email: [email protected]
WWW: www.citi.com.mx
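An added example of the uplink test suggested in the reply above; it is not part of the original message and is not StoneBeat's own test syntax. It generalizes "ping some site" to several external targets and reports whether the router still answers while the ISP link is lost. The addresses are documentation placeholders, and the assumption is that the clustering software can run a script and treats a non-zero exit status as "take this node offline".

```shell
#!/bin/sh
# Added example: Internet-path test for one cluster node.
# All addresses are placeholders (RFC 5737 documentation ranges).
GATEWAY="192.0.2.1"                            # this node's default router
EXTERNAL_TARGETS="198.51.100.10 203.0.113.20"  # trusted hosts beyond the ISP link

# probe HOST: succeed if HOST answers one echo request.
# Linux/BSD syntax; on Solaris 2.6 the equivalent is: ping HOST TIMEOUT
probe() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# path_state: print the state of this node's path and return 0 only for "up".
#   up             at least one external target answered
#   upstream_down  the router answers but no external target does
#   gateway_down   neither the router nor any external target answers
path_state() {
    for t in $EXTERNAL_TARGETS; do
        if probe "$t"; then
            echo up
            return 0
        fi
    done
    # Several targets are tried first so that one remote site being down
    # does not take a healthy node offline.
    if probe "$GATEWAY"; then
        echo upstream_down
    else
        echo gateway_down
    fi
    return 1
}

# uplink_test: exit status for the cluster's test hook (assumed interface).
uplink_test() {
    if state=$(path_state); then
        return 0
    fi
    echo "uplink-test: Internet path lost ($state)" >&2
    return 1
}

# Run as "script --run" from the test hook.
if [ "${1:-}" = "--run" ]; then
    uplink_test
    exit $?
fi
```

The `upstream_down` result is the case the reply warns about: a test that only pings the router would still pass.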