NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Hardware HA solution advice needed



Somebody should verify his/her content mgmnt, the mail was blocked due to a
word (see "  ")

Check out Radware, I'm running multiple Fireproof boxes (HA and redundant),
we use NAT, VPN'S across in every immaginable way, we have Linkproof boxes
for multihoming. They're not the cheapest, they're a "female variation of a
species" or "female with nasty habits" to set up (advanced config) but
they're blazing fast, rarely are a cause for overtime.

gijs 

-----Original Message-----
From: Aaron D. Turner [mailto:[email protected]]
Sent: Thursday, March 15, 2001 8:27 PM
To: [email protected]
Cc: Hartley, Earl; [email protected]
Subject: RE: [FW1] Hardware HA solution advice needed



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


You can't run NAT on the firewall with the Cisco CSS boxes- at least
that's what the Cisco docs say.  VPN's aren't fun either, but are doable
(well site to site VPN's are, but SecuRemote VPN's are impossible from the
looks of it).  Not to mention they're not OPSEC certified for
load-balancing, only failover H/A.

Honestly, if you want a hardware solution, you're better off with Alteon
or Radware IMHO.  Though I would seriously consider a software solution.
I find StoneBeat FullCluster and RainWall simpler, more robust, and
cheaper for most cases.  Not to mention, they don't have the rather lame
limitiations of the CSS's.

- -- 
Aaron D. Turner  Security Architect, OneSecure  http://www.onesecure.com/
[email protected]  work:cell:pub  1024D/1B57EB4D 2000-09-27 Aaron D. Turner <[email protected]>
     Key fingerprint = F90C BFB4 4404 5504 295D  4435 578B 1DD5 1B57 EB4D
All emails by me are PGP signed; an invalid signature indicates a forgery.

On Mon, 12 Mar 2001 [email protected] wrote:

>
> Earl,
>
> Sorry, I don't know - we don't use NAT.
>
> "Hartley, Earl" <[email protected]>@lists.us.checkpoint.com on
09/03/2001
> 14:12:22
>
> Sent by:  [email protected]
>
>
> To:   "'[email protected]'" <[email protected]>,
>       "Thomas Holmstrom" <[email protected]>
> cc:   [email protected], [email protected]
> Subject:  RE: [FW1] Hardware HA solution advice needed
>
>
>
> How well do the Cisco boxes work with NAT?  The switches apparently have a
> requirement to handle all translation themselves (per the documentation),
> and I'd hate to have to redesign and redeploy (we're a pure CheckPoint/NAT
> shop) if we don't have to do so.
>
> > -----Original Message-----
> > From:   [email protected] [SMTP:[email protected]]
> > Sent:   Friday, March 09, 2001 8:03 AM
> > To:     Thomas Holmstrom
> > Cc:     [email protected];
> [email protected]
> > Subject:     Re: [FW1] Hardware HA solution advice needed
> >
> >
> > Jeff / Thomas
> >
> > Cisco content switches work fine.  We have them in a "firewall sandwich"
> > design for H/W Firewall Load-balancing.  Not really using them for real
> > layer 7 content (ie web) switching though so I can't comment
specifically
> > on that.
> >
> > Regards
> >
> >
> >
> >
> >
> > "Thomas Holmstrom" <[email protected]>@lists.us.checkpoint.com on
> > 08/03/2001 19:34:42
> >
> > Sent by:  [email protected]
> >
> >
> > To:   [email protected],
> [email protected]
> > cc:
> > Subject:  Re: [FW1] Hardware HA solution advice needed
> >
> >
> >
> >
> > I've been told by more than a few Cisco engineers that Cisco Content
> > Switches will do HA and load balancing in lieu of a software solution
for
> > Checkpoint, but I've never met anyone who has even tested this. Content
> > Switches would probably cost somewhat more than either Stonesoft or
> > Rainfinity also.
> >
> > >From: Jeff_Newton <[email protected]>
> > >To: [email protected]
> > >Subject: [FW1] Hardware HA solution advice needed
> > >Date: Thu, 08 Mar 2001 10:23:37 -0800
> > >
> > >
> > >
> > >I understand Stonebeat and Rainwall have software solutions but I have
> > >always been more comfortable with hardware solutions (layer 7 switches)
> > >for server load balancing.  Can anyone offer some advice for a hardware
> > >HA solution for FW1?  How about a solution that includes support for
> > >SecuRemote?
> > >
> > >Cheers,
> > >
> > >--
> > >Jeff Newton
> > >
> > >
> > >
> >
> ==========================================================================
> > ======
> >
> > >      To unsubscribe from this mailing list, please see the
instructions
> > at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> >
> ==========================================================================
> > ======
> >
> >
> >
_________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.
> >
> >
> >
> >
> ==========================================================================
> > ======
> >
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
> >
> >
> >
> >
> >
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
>
>
>
----------------------------------------------------------------------------
--
>
> This message is intended only for the personal and confidential use of the
> designated recipient(s) named above.  If you are not the intended
recipient
> of this message you are hereby notified that any review, dissemination,
> distribution or copying of this message is strictly prohibited.  This
> communication is for information purposes only and should not be regarded
> as an offer to sell or as a solicitation of an offer to buy any financial
> product, an official confirmation of any transaction, or as an official
> statement of Lehman Brothers Inc.  Email transmission cannot be guaranteed
> to be secure or error-free.  Therefore, we do not represent that this
> information is complete or accurate and it should not be relied upon as
> such.  All information is subject to change without notice.
>
>
>
>
>
============================================================================
====
>
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iEYEARECAAYFAjqxF2cACgkQV4sd1RtX600nZACePrs/bX4DcftG3EcWmoKNy3Di
vFUAn3EFUBIHdZYnOlEmeM+sWAbjaAJR
=23tj
-----END PGP SIGNATURE-----



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.