[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] CVP manager and H.A.
Ihsan, Sometimes when a post has many questions, it is more difficult to answer(takes a lot more time.) I'll take a stab at some of these, although I haven't used the product. For Q1 & Q2, it would probably be best to call CP or a VAR and discuss. 1. Yes, but not like a HA system. It's chained to provide load balancing. Take a look at CP marketing info at http://www.checkpoint.com/products/downloads/tnopsec.pdf Also, found some comments from AT&T Canada group. See http://www.attcanada.ca/security/newsletter.html#mar13III 2. My assumption(ack) is yes, since it comes with VPN-1 / Firewall-1. Clip from CP marketing info: "An advanced component of the latest generation of CVP is CVP Manager, included with VPN-1 and FireWall-1. CVP Manager can be configured to chain a number of content validation servers to allow multiple scans of the same file. It can also provide basic load sharing of content to multiple validation servers, enabling scalability as well as failover capability for validation servers. CVP Manager is extremely important if the customer has multiple validation servers, each performing a different validation such as anti-virus, URL filtering or email-scanning. " 3. The more you load onto a system, the better your chance for a problem. By trying to load as much as you can onto one system in order to save $$ on multiple systems, could end up biting you in the hind quarters and costing you much more(downtime, integrity, lost revenue, etc.) 4. This is definitly flame-bait. Can't help you here since I haven't done it. 5. If the virus is passing through undetected, I would call support for the product and get it fixed or use another product. The virus might be on it's list, but if it's a variant, it might pass since it may not match the signiture of the known viruses. As for multiscanning, to me, this is silly(I didn't call you silly!). If the first product cannot do what you paid all that money for and spent the time to setup - dump it! To setup >1 of these in an attempt to catch design issues in the first is just a plain waste of time and $$. So, how did I do?...yeah, I thought the same. Robert >>> <[email protected]> 02/16/01 04:48PM >>> > >Hi, >I've asked this question before and I get no answer about CVP manager. >Would you help me please? > >1. Is it possible to run more than one CVPManager ? Then if not, won't >be a single point of failure? > >2. Will CVP Manager run on Linux? > >3. Checkpoint tells that you can setup the CVPManager on a firewall, is >it feasible/possible on a FW or on High Avaliable Firewalls? Does it >have security and performance problems? > >4. What is the performance issue and HW recommendations? (For Solaris or >NT machine. Does anybody have experience running CVP manager on cluster >machines?) > >5. We have some problems about E-safe. Like, we've seen mails with >virusses passing through the E-safe(!), even if it's on the virus table. >Therefore, is there a way of multiscaning some attachments with another >Virus SW via CVP?. (There's a parameter on cvpm.conf "drop_on_unsafe" , >what's that?) > >Regards. > >Ihsan Cakmakli >YKT - - Robert P. MacDonald Global Infrastructure Group, Haworth, Inc. Voice:email: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|