[FW1] RE: Réf. : RE: [FW1] distant redundant Internet access
FW-1 can pass OSPF traffic with an appropriate rule (IP protocol 89). The underlying OS will need to be able to support OSPF routing. I'm currently doing it on Nokias. gated (www.gated.org) on *nix can do it. I've heard that Win 2k can do it.

Do your two buildings exist on the same network with the fiber just bridging them or are they separate routed networks connected via fiber? This will be important when you design your OSPF area(s) (one backbone area for both buildings or a backbone area between both buildings and an adjacent area for each building).

I'm not sure if FW-1 can detect if a CVP server is down. You could, however, run another fiber between buildings and load balance the proxies in front of the FWs.

Chris

-----Original Message-----
From: Philippe Oechslin [mailto:[email protected]]
Sent: Friday, March 23, 2001 9:48 AM
To: Chris Arnold
Cc: [email protected]
Subject: Réf. : RE: [FW1] distant redundant Internet access

OSPF wouldn't notice if a proxy was out of order, would it?

In my setup, Internet-based traffic has a destination address corresponding to a proxy in a DMZ. The proxies are used for virus scanning and caching. Maybe I could use CVP to do the virus scanning and use transparent caching. In that case, Internet-bound traffic would have Internet destination addresses and OSPF could do its magic.

I have a question in that case: does FW-1 support OSPF (if yes, on which platform)? And then, if a CVP antivirus server breaks down, can the FW detect it and use OSPF to send the traffic to the other firewall?

regards,
Philippe

Chris Arnold <[email protected]> on 23.03.2001 15:25:15

To: Philippe Oechslin/Netexpert, [email protected]
cc:
Subject: RE: [FW1] distant redundant Internet access

Run OSPF on the inside and BGP on the outside. It will allow for internal and external routing fail-over.

Chris

-----Original Message-----
From: Philippe Oechslin [mailto:[email protected]]
Sent: Friday, March 23, 2001 5:24 AM
To: [email protected]
Subject: [FW1] distant redundant Internet access

I have two Internet accesses in two buildings using two ISPs. The buildings are connected by a fiber. In each building I have a FW-1 with a DMZ comprising HTTP, FTP, SMTP proxies and an external router connected to one ISP. By default, users of one building use the Internet access provided in their building.

- Is there any standard way to have all traffic redirected if any of the elements in one building fails?
- Any good documentation on building redundant systems other than with cluster solutions like CP High Availability of StoneBeat where (these solutions need the machines to be in the same location and use the same IP/MAC addresses)?
- Note that the redirection mechanism may be different for an ISP failure than a proxy failure.

I am sure that this has been done before, I am grateful for any pointers.

cheers,
Philippe Oechslin

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================