[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] HA Question
Chuck, Although it won't operate as you desire "out-of-box", Stonesoft's StoneBeat FullCluster can be configured through the customizable test subsystem to function as you requested. Using several interface-linkstatus tests and some basic shell scripts, it can perform failover per interface. You would have to twiddle with the scripts on your own, however, to get them to perform exactly as you desire. ---------------------------------------------------------------- Mark Boltz Stonesoft, Inc. Network Security Specialist 115 Perimeter Center Place [email protected] South Terraces, Suite 1000 Tel:Atlanta, GA 30346 Cel:USA Fax:http://www.stonesoft.com Support:(US Toll Free) Support:"Little, Chuck" <[email protected]> To: <[email protected]> Sent by: cc: [email protected] Subject: [FW1] HA Question kpoint.com 03/13/2001 05:11 PM We have been researching various High Availability products for Checkpoint Firewall-1 (running on Solaris 7), and we haven't had any luck locating a product that does what we are looking for. Example: a pair of CP FW-1 4.1 SP2 firewalls, with ~6 internal interfaces. If we lose one of the internal interfaces, that entire node drops out of the cluster, rather than the traffic for only that interface rolling over to the "good" node. Is there an HA product for CP Firewall-1 that does HA on a Per Interface basis, rather than "all or none" (e.g. lose one interface, that firewall drops out of the cluster.)? Rainwall doesn't, Stonebeat doesn't, and Checkpoint HA doesn't. This seems like a product/feature that would have been requested before (not according to the vendors I have spoken with. Apparently it's a feature that's never been requested.). So how does everyone else handle HA? Is it strictly "all or none", is there a product I've missed in my research, or is it pretty much a script your own type of deal? ########################### Chuck Little Security Engineer ########################### ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|