
RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN possible ?



<<you're still up against caching servers on the internet that are designed to ignore TTLs and hold on to invalid records>>
 
Yes, I've noticed this. Some ass created an external DNS record for our firewall early last year. I deleted it after finding it, of course, but I still see it when doing lookups at various resolver sites. What is up with this and why do these servers do this?
 
Ian
 
 
-----Original Message-----
From: Daniel Hitchcock [mailto:[email protected]]
Sent: Friday, March 02, 2001 7:48 AM
To: 'Jeff Deitz'; 'Markus Gruenkorn '
Cc: 'Chris Arnold'; '[email protected] '
Subject: RE: [FW1] Off topic - One firewall, two ISP's, automatic failover for VPN possible ?

WARNING:  Off-topic LinkProof question
 
I have heard LinkProof referred to many times as a direct replacement to BGP.  This seems viable for outbound connections, but I don't understand how such a device could provide inbound redundancy.  I guess the closest thing you could use would be round robin DNS, providing about 50% failure rate during an outage.  However, I can accomplish that same 50% failure rate without the help of LinkProof during an outage.  Even if LinkProof somehow dynamically modified the DNS tables, you're still up against caching servers on the internet that are designed to ignore TTLs and hold on to invalid records.
 
Am I missing something?

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates

[email protected]
http://www.breakwatersecurity.com

 
 
 
-----Original Message-----
From: Jeff Deitz [mailto:[email protected]]
Sent: Thursday, March 01, 2001 9:53 AM
To: 'Markus Gruenkorn '
Cc: 'Chris Arnold'; '[email protected] '
Subject: RE: [FW1] One firewall, two ISP's, automatic failover for VPN possible ?

Radware's LinkProof can do that without the hassle of BGP. I talked to Rainfinity about their Rainwall product doing that, but they will only balance outbound connections, so it is not really a viable solution. If anyone else knows of another product that load balances ISPs, I would appreciate hearing about it. Only solutions that work in both directions.

-----Original Message-----
From: Chris Arnold [mailto:[email protected]]
Sent: Thursday, March 01, 2001 6:54 AM
To: 'Markus Gruenkorn '; '[email protected] '
Subject: RE: [FW1] One firewall, two ISP's, automatic failover for VPN possible ?



Talk with your ISPs about running BGP on your lines and advertising each
other's routes.

Chris

-----Original Message-----
From: Markus Gruenkorn
To: [email protected]
Sent: 3/1/01 5:04 AM
Subject: [FW1] One firewall, two ISP's, automatic failover for VPN possible ?


Hi,
we currently use a Nokia IP440 at one and several VPN220s at about 8
other different locations.
We have access to two ISPs. Is it possible to configure our Nokia so that
the VPN is switched from one provider to another if
one provider goes down?
Does anyone out there have a similar configuration?
I know that an HA solution is possible with two firewalls and VRRP, but I
don't find any information about using one firewall and two
ISPs.
Thanks




========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========
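
The trade-off raised in Dan Hitchcock's message above (static round-robin DNS versus a device that rewrites DNS during an outage, with caches that hold records past their TTL), as an added example that is not part of the original thread. It is a constructed model that returns the share of resolver caches still handing out the dead link's address at a given time into the outage. Assumptions: the two addresses, the 60-second TTL, the one-day minimum hold, the share of clamping caches, and that a cache's answer alternates on each refresh under static round robin.

```python
from dataclasses import dataclass

# Constructed documentation addresses: ISP1 link is down, ISP2 link is up.
DEAD, LIVE = "198.51.100.10", "203.0.113.10"

@dataclass
class Cache:
    hold: float       # seconds the cache keeps a record before re-querying
    remaining: float  # seconds left on its record when the outage began
    answer: str       # address round robin gave it before the outage

def build_caches(n, ttl, min_hold=0.0, clamp_share=0.0):
    """n caches; clamp_share of them hold records for at least min_hold seconds."""
    n_clamp = round(n * clamp_share)
    caches = []
    for size, hold in ((n - n_clamp, ttl), (n_clamp, max(ttl, min_hold))):
        for j in range(size):
            # Record ages spread evenly; answers alternate as round robin would.
            remaining = hold * (1 - (j + 0.5) / size)
            caches.append(Cache(hold, remaining, DEAD if j % 2 == 0 else LIVE))
    return caches

def failing_share(caches, t, dynamic):
    """Share of caches handing out the dead address t seconds into the outage.

    dynamic=True: the zone stops publishing the dead address at t=0.
    dynamic=False: plain round robin, both addresses stay published.
    """
    failing = 0
    for c in caches:
        if t < c.remaining:      # still serving the pre-outage record
            dead = c.answer == DEAD
        elif dynamic:            # re-queried after the dead address was pulled
            dead = False
        else:                    # assumed: answer alternates on every refresh
            refreshes = int((t - c.remaining) // c.hold) + 1
            dead = (c.answer == DEAD) ^ (refreshes % 2 == 1)
        failing += dead
    return failing / len(caches)

if __name__ == "__main__":
    honest = build_caches(200, ttl=60)
    mixed = build_caches(200, ttl=60, min_hold=86400, clamp_share=0.5)
    for t in (0, 30, 60, 3600, 86400):
        print(t, failing_share(honest, t, False), failing_share(honest, t, True),
              failing_share(mixed, t, True))
```

In this model the dynamic update only clears the dead address once every cache's hold time has run out, so the caches that clamp the TTL set the real failover time.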

