[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Hardware HA solution advice needed
Check out Radware, I'm running multiple Fireproof boxes (HA and redundant), we use NAT, VPN'S across in every immaginable way, we have Linkproof boxes for multihoming. They're not the cheapest, they're a bitch to set up (advanced config) but they're blazing fast, rarely are a cause for overtime. gijs -----Original Message----- From: Aaron D. Turner [mailto:[email protected]] Sent: Thursday, March 15, 2001 8:27 PM To: [email protected] Cc: Hartley, Earl; [email protected] Subject: RE: [FW1] Hardware HA solution advice needed -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You can't run NAT on the firewall with the Cisco CSS boxes- at least that's what the Cisco docs say. VPN's aren't fun either, but are doable (well site to site VPN's are, but SecuRemote VPN's are impossible from the looks of it). Not to mention they're not OPSEC certified for load-balancing, only failover H/A. Honestly, if you want a hardware solution, you're better off with Alteon or Radware IMHO. Though I would seriously consider a software solution. I find StoneBeat FullCluster and RainWall simpler, more robust, and cheaper for most cases. Not to mention, they don't have the rather lame limitiations of the CSS's. - -- Aaron D. Turner Security Architect, OneSecure http://www.onesecure.com/ [email protected] work:cell:pub 1024D/1B57EB4D 2000-09-27 Aaron D. Turner <[email protected]> Key fingerprint = F90C BFB4 4404 5504 295D 4435 578B 1DD5 1B57 EB4D All emails by me are PGP signed; an invalid signature indicates a forgery. On Mon, 12 Mar 2001 [email protected] wrote: > > Earl, > > Sorry, I don't know - we don't use NAT. > > "Hartley, Earl" <[email protected]>@lists.us.checkpoint.com on 09/03/2001 > 14:12:22 > > Sent by: [email protected] > > > To: "'[email protected]'" <[email protected]>, > "Thomas Holmstrom" <[email protected]> > cc: [email protected], [email protected] > Subject: RE: [FW1] Hardware HA solution advice needed > > > > How well do the Cisco boxes work with NAT? The switches apparently have a > requirement to handle all translation themselves (per the documentation), > and I'd hate to have to redesign and redeploy (we're a pure CheckPoint/NAT > shop) if we don't have to do so. > > > -----Original Message----- > > From: [email protected] [SMTP:[email protected]] > > Sent: Friday, March 09, 2001 8:03 AM > > To: Thomas Holmstrom > > Cc: [email protected]; > [email protected] > > Subject: Re: [FW1] Hardware HA solution advice needed > > > > > > Jeff / Thomas > > > > Cisco content switches work fine. We have them in a "firewall sandwich" > > design for H/W Firewall Load-balancing. Not really using them for real > > layer 7 content (ie web) switching though so I can't comment specifically > > on that. > > > > Regards > > > > > > > > > > > > "Thomas Holmstrom" <[email protected]>@lists.us.checkpoint.com on > > 08/03/2001 19:34:42 > > > > Sent by: [email protected] > > > > > > To: [email protected], > [email protected] > > cc: > > Subject: Re: [FW1] Hardware HA solution advice needed > > > > > > > > > > I've been told by more than a few Cisco engineers that Cisco Content > > Switches will do HA and load balancing in lieu of a software solution for > > Checkpoint, but I've never met anyone who has even tested this. Content > > Switches would probably cost somewhat more than either Stonesoft or > > Rainfinity also. > > > > >From: Jeff_Newton <[email protected]> > > >To: [email protected] > > >Subject: [FW1] Hardware HA solution advice needed > > >Date: Thu, 08 Mar 2001 10:23:37 -0800 > > > > > > > > > > > >I understand Stonebeat and Rainwall have software solutions but I have > > >always been more comfortable with hardware solutions (layer 7 switches) > > >for server load balancing. Can anyone offer some advice for a hardware > > >HA solution for FW1? How about a solution that includes support for > > >SecuRemote? > > > > > >Cheers, > > > > > >-- > > >Jeff Newton > > > > > > > > > > > > ========================================================================== > > ====== > > > > > To unsubscribe from this mailing list, please see the instructions > > at > > > http://www.checkpoint.com/services/mailing.html > > > > > > ========================================================================== > > ====== > > > > > > _________________________________________________________________________ > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > > > > > > > ========================================================================== > > ====== > > > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > > ====== > > > > > > > > > > > > > ========================================================================== > > ====== > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > > ====== > > > ---------------------------------------------------------------------------- -- > > This message is intended only for the personal and confidential use of the > designated recipient(s) named above. If you are not the intended recipient > of this message you are hereby notified that any review, dissemination, > distribution or copying of this message is strictly prohibited. This > communication is for information purposes only and should not be regarded > as an offer to sell or as a solicitation of an offer to buy any financial > product, an official confirmation of any transaction, or as an official > statement of Lehman Brothers Inc. Email transmission cannot be guaranteed > to be secure or error-free. Therefore, we do not represent that this > information is complete or accurate and it should not be relied upon as > such. All information is subject to change without notice. > > > > > ============================================================================ ==== > > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/ Filter: gpg4pine 4.1 (http://azzie.robotics.net) iEYEARECAAYFAjqxF2cACgkQV4sd1RtX600nZACePrs/bX4DcftG3EcWmoKNy3Di vFUAn3EFUBIHdZYnOlEmeM+sWAbjaAJR =23tj -----END PGP SIGNATURE----- ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|