
[FW1] RE: Réf. : RE: [FW1] distant redundant Internet access



FW-1 can pass OSPF traffic with an appropriate rule (IP protocol 89).  The
underlying OS will need to be able to support OSPF routing.  I'm currently
doing it on Nokias.  gated (www.gated.org) on *nix can do it.  I've heard
that Win 2k can do it.

Do your two buildings exist on the same network with the fiber just bridging
them or are they separate routed networks connected via fiber?  This will be
important when you design your OSPF area(s) (one backbone area for both
buildings or a backbone area between both buildings and an adjacent area for
each building).

I'm not sure if FW-1 can detect if a CVP server is down.  You could,
however, run another fiber between buildings and load balance the proxies in
front of the FWs.

Chris

-----Original Message-----
From: Philippe Oechslin [mailto:[email protected]]
Sent: Friday, March 23, 2001 9:48 AM
To: Chris Arnold
Cc: [email protected]
Subject: Réf. : RE: [FW1] distant redundant Internet access



OSPF wouldn't notice if a proxy was out of order, would it?

In my setup, Internet based traffic has a destination address corresponding
to a proxy in a DMZ. The proxies are used for virus scanning and caching.
Maybe I could use CVP to do the virus scanning and use transparent caching.
In that case, Internet bound traffic would have Internet destination
addresses and OSPF could do its magic.

I have a question in that case: does FW-1 support OSPF (if yes, on which
platform). And then, if a CVP antivirus server breaks down, can the FW
detect it and use OSPF to send the traffic to the other firewall?

 regards,

  Philippe











Chris Arnold <[email protected]> on 23.03.2001 15:25:15

To:      Philippe Oechslin/Netexpert, [email protected]
cc:
Subject: RE: [FW1] distant redundant Internet access
                                                           








Run OSPF on the inside and BGP on the outside.  It will allow for internal
and external routing fail-over.

Chris

-----Original Message-----
From: Philippe Oechslin [mailto:[email protected]]
Sent: Friday, March 23, 2001 5:24 AM
To: [email protected]
Subject: [FW1] distant redundant Internet access





I have two Internet accesses in two buildings using two ISPs. The buildings
are connected by a fiber.

In each building I have a FW-1 with a DMZ comprising HTTP, FTP, SMTP proxies
and an external router connected to one ISP.

By default, users of one building use the Internet access provided in their
building.

- Is there any standard way to have all traffic redirected if any of the
elements in one building fails?

- Any good documentation on building redundant systems other than with
cluster solutions like CP High Availability of StoneBeat where (these
solutions need the machines to be in the same location and use the same
IP/MAC addresses)?

- note that the redirection mechanism may be different for an ISP failure
than a proxy failure.

I am sure that this has been done before, I am grateful for any pointers.

  cheers,

   Philippe Oechslin





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================







 
   All contents © 2004 Network Presence, LLC. All rights reserved.