RE: [FW1] Multiple Default Gateways on Solaris
You have your technologies a bit mixed up.

FW-1 doesn't use default gateways. It is an inspection tool that merely determines whether to pass or drop packets based on its rule base and state table. Routing is done by the OS. So if you have 2 default gateways it would be up to the OS to determine which gateway to use. FW-1 doesn't care as that works on Layer 2. FW-1 inspects Layer-3 and above, generally speaking.

Are these gateways on different subnets and/or different interfaces?

If the gateways are on the same subnet then you should have HSRP/VRRP turned on at the next-hop routers. This would alleviate the need for multiple default gateways.

The BGP stuff is really independent of this stuff, assuming that the ISPs own, as in control, those upstream routers.

If you want a more detailed explanation of why FW-1 doesn't care about default gateways, email me and I will explain.
Forgive my ignorance, but what do you mean by 'admin distance of 1'?

What _do_ I need to have TWO default routes? My ISP is getting ready to turn on BGP on both of my Internet links (two routers). They said that I need to have a firewall that is capable of handling multiple default routes.

Before I tell them to proceed, I'm trying to find out if FW-1 will handle this....

Any ideas?

--Omar
Someone is pulling your leg. You can't have two different default routes with an admin distance of 1.

thomas poole
Well, the /etc/defaultrouter file did take care of the OS routing...but how can I get FW-1 to recognize it?

Example, I entered my additional route in the file, rebooted. Then I pinged a device on the Net. Next, I pulled the ethernet cable out of hme0 (first default route) and then did a ping/traceroute...it worked and it _IS_ using the next default route; this is all from Solaris.

Next, I tried to ping/traceroute from a PC BEHIND the FW-1....no go! FW-1 is still trying to use the FIRST route...it's not 'failing over'.

What do I have to do to FW-1 to have it recognize that there are multiple default routes?

--Omar
>In other words, current default GW is 1.2.3.4. I would like to add a second
>gateway of 5.6.7.8 for redundancy.
>Is this possible? What would I do to configure this?
If I am understanding you correctly, it seems that all you will have to do is to edit the /etc/defaultrouter file and append the second gateway below the first. That should do it.

Rafiyq
"Vega, Omar A." <[email protected]> wrote:

I am wondering if FW-1 v4.0, running on Solaris will support Multiple Default Gateways.

In other words, current default GW is 1.2.3.4. I would like to add a second gateway of 5.6.7.8 for redundancy.

Is this possible? What would I do to configure this?

--Omar
--------------------------------
Omar A. Vega, MCP
Manager
Network Services
DSI - Data Systems International
FAX
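A check for the setup discussed in this thread, as an added example that is not part of the original messages: it compares the gateways listed in /etc/defaultrouter with the `default` entries in saved `netstat -rn` output and prints any configured gateway the OS has not installed. It assumes one IP address per line in the file, with lines starting with `#` ignored; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Report gateways that are listed in a Solaris /etc/defaultrouter file but
# have no matching "default" entry in saved `netstat -rn` output.

# list_configured FILE: first field of every non-comment, non-blank line.
# Assumption: entries are IP addresses, one per line (hostnames would not
# match the numeric netstat output).
list_configured() {
    awk '!/^#/ && NF { print $1 }' "$1"
}

# missing_gateways DEFAULTROUTER NETSTAT_OUTPUT
# Prints each configured gateway that is absent from the routing table.
missing_gateways() {
    list_configured "$1" | awk -v table="$2" '
        BEGIN {
            # Collect the gateway column of every "default" route.
            while ((getline line < table) > 0) {
                n = split(line, f)
                if (n >= 2 && f[1] == "default") have[f[2]] = 1
            }
        }
        !($1 in have) { print $1 }'
}

# demo: constructed sample in which the second gateway from the thread
# (5.6.7.8) is configured but only 1.2.3.4 is installed.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# default gateways' '1.2.3.4' '5.6.7.8' > "$dir/defaultrouter"
    cat > "$dir/netstat.txt" <<'EOF'
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
10.0.0.0             10.0.0.1             U         1     12  hme1
default              1.2.3.4              UG        1     40
EOF
    missing_gateways "$dir/defaultrouter" "$dir/netstat.txt"
    rm -rf "$dir"
}

demo
```

On the firewall host the second argument would be a file produced with `netstat -rn > netstat.txt`; empty output means every configured gateway has a default route.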