Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Nokia VRRP and Checkpoint HA

To: [email protected]
Subject: Re: [FW1] Nokia VRRP and Checkpoint HA
From: CryptoTech <[email protected]>
Date: Wed, 28 Feb 2001 07:27:13 -0500
Cc: [email protected], "'Fw-1-Mailinglist@FW1-NOSPAMLists. Us. Checkpoint. Com'" <[email protected]>
References: <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

>From trying something of this nature before, Mark is correct, but they do not work
at all together.

1) CP HA uses duplicated mac addresses, (except in the new beta), Nokia does not.
2) CP HA monitors interface cards as well as process states (fwd, vpnd, sservd),
Nokia does not
3) CP HA requires an additional license, Nokia does not
4) If you want the ability to truly load balance, Stonebeat or Rainfinity, CP HA
does not, Nokia does not.

Just a note of interest Mark, HA is not a functional option on the nokia, but one or
two of the releases made reference to it because of  a coding oversite, and even the
Check Point/Intrusion.com SO/HO linux based systems allowed you to run enterprise fw
and HA, even though it it not on the price list.  Obvious goofs on someones part,
but goofs like that could lead to interesting questions.

Cheers Mark, Jason,
CryptoTech

Mark Decker wrote:

> Not sure how well they co-exist, but I'm pretty sure they won't talk to
> each other if installed on the same machine.  VRRP concerns itself only
> with the hardware and network connectivity.  VRRP does not monitor the
> firewall process or policy, and failure of the FW-1 daemon will not
> trigger a VRRP failover.  I guess this is why you want the HA module,
> but why would you also run VRRP if using the HA module?  Using the HA
> module ought to eliminate the need for VRRP.
>
> BTW, I don't think the HA module is available for the Nokia platform,
> which would make all this a moot point.  According to the datasheet, it
> is only available for Solaris and NT:
> http://www.checkpoint.com/products/vpn1/ha.html
>
> HTH,
>
> Mark L. Decker
> Rainfinity
> [email protected]
> www.rainfinity.com
>>
> > -----Original Message-----
> > From: jason clements
> >
> > Anyone have a definitive answer about this.
> >
> > If I am running Nokias in High availability mode, and want to
> > also run the
> > checkpoint HA module, is this a supported piece of functionality.
> >
> > My concern is should the HA module on the firewall failover,
> > will the nokia
> > vrrp part also fail over, or do these two technologies not
> > "speak2 to each
> > other.
> >
> > If anyone knows, or has tried.
> >
> > cheers
> >
> > jason
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- RE: [FW1] Nokia VRRP and Checkpoint HA
  - From: "Mark Decker" <[email protected]>

Prev by Date: Re: [FW1] Displaying Certificate Key
Next by Date: Re: [FW1] Nokia VRRP and Checkpoint HA
Previous by thread: RE: [FW1] Nokia VRRP and Checkpoint HA
Next by thread: Re: [FW1] Nokia VRRP and Checkpoint HA
Index(es):
- Date
- Thread