[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN pos sible ?
We have been implimenting this product all over. I kicks butt.... -----Original Message----- From: Lawrence Mackley [mailto:[email protected]] Sent: Friday, March 02, 2001 11:32 AM To: Daniel Hitchcock; 'Jeff Deitz'; 'Markus Gruenkorn ' Cc: 'Chris Arnold'; '[email protected] ' Subject: RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN pos sible ? They use something called SmartNAT. Basically DNS resolution for inbound hosts is on the LinkProofs and they respond with an address on the ISP link to be used by the different clients. We have used it in a lab and will move them to production in a couple weeks. It is a cool product and seems to have very good people and technology behind it. --- Daniel Hitchcock <[email protected]> wrote: > WARNING: Off-topic LinkProof question > > I have heard LinkProof referred to many times as a > direct replacement to > BGP. This seems viable for outbound connections, > but I don't understand how > such a device could provide inbound redundancy. I > guess the closest thing > you could use would be round robin DNS, providing > about 50% failure rate > during an outage. However, I can accomplish that > same 50% failure rate > without the help of LinkProof during an outage. > Even if LinkProof somehow > dynamically modified the DNS tables, you're still up > against caching servers > on the internet that are designed to ignore TTLs and > hold on to invalid > records. > > Am I missing something? > Dan Hitchcock > CCNA, CCSE, MCSE > Security Analyst > Breakwater Security Associates >> [email protected] > http://www.breakwatersecurity.com > <http://www.breakwatersecurity.com/> > > > > > > -----Original Message----- > From: Jeff Deitz [mailto:[email protected]] > Sent: Thursday, March 01, 2001 9:53 AM > To: 'Markus Gruenkorn ' > Cc: 'Chris Arnold'; > '[email protected] ' > Subject: RE: [FW1] One firewall, two ISP's, > automatic failover for VPN pos > sible ? > > > > Radware's Linkproof can do that without the hassle > of BGP. I talked to > Rainfinity about their Rainwall product doing that, > but they will only > balance outbound connections so it is not really a > viable solution. Anyone > else know another product to load balances ISP I > would appreciate hearing > about them. Only solutions that work in both > directions. > > -----Original Message----- > From: Chris Arnold [ > mailto:[email protected] > <mailto:[email protected]> ] > Sent: Thursday, March 01, 2001 6:54 AM > To: 'Markus Gruenkorn '; > '[email protected] ' > Subject: RE: [FW1] One firewall, two ISP's, > automatic failover for VPN > pos sible ? > > > > Talk with your ISPs about running BGP on your lines > and advertising each > other's routes. > > Chris > > -----Original Message----- > From: Markus Gruenkorn > To: [email protected] > Sent: 3/1/01 5:04 AM > Subject: [FW1] One firewall, two ISP's, automatic > failover for VPN possible > ? > > > Hi, > we currently use a nokia IP440 at one and several > VPN220 at about 8 > other different locations . > We have access to two ISP´s. Is it possible to > configure our nokia that > the VPN is switched from one provider to another if > one provider goes down . > Anyone out there has a similar configuration ? > I know that a HA solution is possible with two > firewalls and VRRP but i > dont find any information about using one forewall > and two > ISPs. > Thanks > > > > > ======================================================================== > > ======== > To unsubscribe from this mailing list, please > see the instructions > at > > http://www.checkpoint.com/services/mailing.html > <http://www.checkpoint.com/services/mailing.html> > ======================================================================== > > ======== > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > <http://www.checkpoint.com/services/mailing.html> > ============================================================================ > ==== > > __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|