Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN pos sible ?

To: Daniel Hitchcock <[email protected]>, "'Jeff Deitz'" <[email protected]>, "'Markus Gruenkorn '" <[email protected]>
Subject: RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN pos sible ?
From: Tim Cullen <[email protected]>
Date: Fri, 2 Mar 2001 11:52:08 -0500
Cc: "'Chris Arnold'" <[email protected]>, "'[email protected] '" <[email protected]>
Sender: [email protected]

We have been implimenting this product all over.  I kicks butt....

-----Original Message-----
From: Lawrence Mackley [mailto:[email protected]]
Sent: Friday, March 02, 2001 11:32 AM
To: Daniel Hitchcock; 'Jeff Deitz'; 'Markus Gruenkorn '
Cc: 'Chris Arnold'; '[email protected] '
Subject: RE: [FW1] Off topic - One firewall, two ISP's, automatic
failover for VPN pos sible ?



They use something called SmartNAT. Basically DNS
resolution for inbound hosts is on the LinkProofs and
they respond with an address on the ISP link to be
used by the different clients.

We have used it in a lab and will move them to
production in a couple weeks. It is a cool product and
seems to have very good people and technology behind
it.

--- Daniel Hitchcock
<[email protected]> wrote:
> WARNING:  Off-topic LinkProof question
>  
> I have heard LinkProof referred to many times as a
> direct replacement to
> BGP.  This seems viable for outbound connections,
> but I don't understand how
> such a device could provide inbound redundancy.  I
> guess the closest thing
> you could use would be round robin DNS, providing
> about 50% failure rate
> during an outage.  However, I can accomplish that
> same 50% failure rate
> without the help of LinkProof during an outage. 
> Even if LinkProof somehow
> dynamically modified the DNS tables, you're still up
> against caching servers
> on the internet that are designed to ignore TTLs and
> hold on to invalid
> records.
>  
> Am I missing something?
> Dan Hitchcock 
> CCNA, CCSE, MCSE 
> Security Analyst 
> Breakwater Security Associates 
>> [email protected] 
> http://www.breakwatersecurity.com
> <http://www.breakwatersecurity.com/>  
> 
>  
>  
>  
> 
> -----Original Message-----
> From: Jeff Deitz [mailto:[email protected]]
> Sent: Thursday, March 01, 2001 9:53 AM
> To: 'Markus Gruenkorn '
> Cc: 'Chris Arnold';
> '[email protected] '
> Subject: RE: [FW1] One firewall, two ISP's,
> automatic failover for VPN pos
> sible ?
> 
> 
> 
> Radware's Linkproof can do that without the hassle
> of BGP. I talked to
> Rainfinity about their Rainwall product doing that,
> but they will only
> balance outbound connections so it is not really a
> viable solution. Anyone
> else know another product to load balances ISP I
> would appreciate hearing
> about them. Only solutions that work in both
> directions.
> 
> -----Original Message----- 
> From: Chris Arnold [
> mailto:[email protected]
> <mailto:[email protected]> ] 
> Sent: Thursday, March 01, 2001 6:54 AM 
> To: 'Markus Gruenkorn ';
> '[email protected] ' 
> Subject: RE: [FW1] One firewall, two ISP's,
> automatic failover for VPN 
> pos sible ? 
> 
> 
> 
> Talk with your ISPs about running BGP on your lines
> and advertising each 
> other's routes. 
> 
> Chris 
> 
> -----Original Message----- 
> From: Markus Gruenkorn 
> To: [email protected] 
> Sent: 3/1/01 5:04 AM 
> Subject: [FW1] One firewall, two ISP's, automatic
> failover for VPN possible 
> ? 
> 
> 
> Hi, 
> we currently use a nokia IP440 at one and several
> VPN220 at about 8 
> other different locations . 
> We have access to two ISP´s. Is it possible to
> configure our nokia that 
> the VPN is switched from one provider to another if 
> one provider goes down . 
> Anyone out there has a similar configuration ? 
> I know that a HA solution is possible with two
> firewalls and VRRP but i 
> dont find any information about using one forewall
> and two 
> ISPs. 
> Thanks 
> 
> 
> 
> 
>
========================================================================
> 
> ======== 
>      To unsubscribe from this mailing list, please
> see the instructions 
> at 
>               
> http://www.checkpoint.com/services/mailing.html
> <http://www.checkpoint.com/services/mailing.html>  
>
========================================================================
> 
> ======== 
> 
> 
>
============================================================================
> ==== 
>      To unsubscribe from this mailing list, please
> see the instructions at 
>               
> http://www.checkpoint.com/services/mailing.html
> <http://www.checkpoint.com/services/mailing.html>  
>
============================================================================
> ==== 
> 
> 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN pos sible ?
Next by Date: RE: [FW1] drops on port 2301
Previous by thread: [FW1] OT: Loadbalancing routers?
Next by thread: [FW1] Can't use Fwpolicy GUI on Firewall Management Console
Index(es):
- Date
- Thread