Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] HA Question

To: <[email protected]>
Subject: Re: [FW1] HA Question
From: [email protected]
Date: Sun, 18 Mar 2001 11:40:23 -0500
Sender: [email protected]


Chuck,

Although it won't operate as you desire "out-of-box", Stonesoft's StoneBeat
FullCluster can be configured through the customizable test subsystem to
function as you requested. Using several interface-linkstatus tests and
some basic shell scripts, it can perform failover per interface. You would
have to twiddle with the scripts on your own, however, to get them to
perform exactly as you desire.

----------------------------------------------------------------
Mark Boltz                                       Stonesoft, Inc.
Network Security Specialist           115 Perimeter Center Place
[email protected]              South Terraces, Suite 1000
Tel:Atlanta, GA 30346
Cel:USA
Fax:http://www.stonesoft.com

Support:(US Toll Free)
Support:"Little, Chuck"                                                                                                       
                    <[email protected]>                   To:     <[email protected]>                        
                    Sent by:                                    cc:                                                                       
                    [email protected]        Subject:     [FW1] HA Question                                            
                    kpoint.com                                                                                                            
                                                                                                                                          
                                                                                                                                          
                    03/13/2001 05:11 PM                                                                                                   
                                                                                                                                          
                                                                                                                                          






We have been researching various High Availability products for Checkpoint
Firewall-1
(running on Solaris 7), and we haven't had any luck locating a product that
does what
we are looking for. Example: a pair of CP FW-1 4.1 SP2 firewalls, with ~6
internal
interfaces. If we lose one of the internal interfaces, that entire node
drops out of
the cluster, rather than the traffic for only that interface rolling over
to the "good"
node.

Is there an HA product for CP Firewall-1 that does HA on a Per Interface
basis, rather
than "all or none" (e.g. lose one interface, that firewall drops out of the
cluster.)?
Rainwall doesn't, Stonebeat doesn't, and Checkpoint HA doesn't.

This seems like a product/feature that would have been requested before
(not
according to the vendors I have spoken with. Apparently it's a feature
that's never
been requested.).

So how does everyone else handle HA? Is it strictly "all or none", is there
a product
I've missed in my research, or is it pretty much a script your own type of
deal?

###########################
  Chuck Little
  Security Engineer
###########################






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Hardening of OS
Next by Date: [FW1] Resolving IP addresses to web site names
Previous by thread: [FW1] HA Question
Next by thread: [FW1] Securemote/SDL/Firewall problem
Index(es):
- Date
- Thread