Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Several Functional Questions

To: "'GIRAUT,JESUS (HP-Venezuela,ex1)'" <[email protected]>, "'Fw1 Mailing List' (E-mail)" <[email protected]>
Subject: RE: [FW1] Several Functional Questions
From: "Luke, Jason (ISS Southfield)" <[email protected]>
Date: Wed, 25 Jul 2001 10:43:33 -0400
Sender: [email protected]

1.	There is no normal, good way to load balance the nokias.  You can
rig it so that, for instance, the Nokias share two different virtual IP's on
the same subnet.  One nokia is primary for one, and the other nokia primary
for the other.  Then if you can route half of your traffic thru one IP, and
the other half thru the other IP, then technically both nokias are sharing
the load.  It works, but depending on your environment, it could be a good
or bad idea.

2. Is your question about RealSecure ON the Nokia box by itself (no
firewall)?  I assume it is.  RealSecure 6.0 has the ability to monitor
multiple interfaces now so one box could monitor multiple segments though
you are limited by total traffic being inspected.

3.	Your provider was wrong. Floodgate can be installed on a Nokia, and
luckily for you, it already is installed on YOUR nokia box.  This is because
FloodGate is not a separate package to install, it comes in the Firewall
package for Nokia, you just need to turn it on.
FloodGate demands 256Mb RAM so dont bother unless you have that.  Just type
'fgconfig' put in a license and away you go.  

Jason Luke


-----Original Message-----
From: GIRAUT,JESUS (HP-Venezuela,ex1) [mailto:[email protected]]
Sent: Friday, July 20, 2001 3:16 PM
To: 'Fw1 Mailing List' (E-mail)
Subject: [FW1] Several Functional Questions



Hi everybody,

I need to clarify some technical questions in order to build a proposal.
I'm asking you these questions because I had received opposite answer from
my Checkpoint provider and from CheckPoint engineers.

Next, I'm writing you my questions:
 
1.- The first question is related to the way the NOKIA IP650 firewalls work
in High Availability.  According to the documentation I have found, the way
these boxes work in High Availability is doing a failover, one firewall
acting as primary or active and the other one acting as secondary or
stand-by.  However, our costumer is looking for a scheme where both
firewalls could work at the same time doing load balancing.  My questions
are: Can I configure the NOKIA firewalls to work in load balancing? Do I
need to buy any additional module?, or the only way to achieve the load
balancing is using a third party product like Cisco Local Director?
2.- The second question is related to the IIS RealSecure product.  I would
like to know how RealSecure network sensors work with these Nokia boxes.  My
questions regarding this subject are: How many network sensors are
installed? one for each LAN interface? Only one inspecting the traffic
getting to the external interface?
3.- The third question is related to the Floodgate product. My CheckPoint
provider told me that is not possible to install the Floodgate Module on the
Nokia box, so I included a separated server for the Floodgate module.
However, I'm not sure how the Floodgate Module is going to control the
traffic if it isn't installed on the Nokia firewalls, which controls all the
communication in the network. Do I have to place the Floodgate server in
front of the Nokia firewall?  (I'm attaching the arquitecture diagram)
 
Thanks in advance for your help and regards,


=========================================================
        _/               |  Jesus Giraut
       _/                |  IT Solution Consultant        
      _/_/_/  _/_/_/     |  MCA Region
     _/  _/  _/  _/      |  HP Consulting 
    _/  _/  _/_/_/       |  Phone:  (_/            |  Fax:    (_/             |  Telnet: 1-207-8083
                         |  Mobile: (58) 14-274-7457
                         |  eMail:  [email protected]
========================================================= 


 


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Anti-spoofing
Next by Date: [FW1] SecuRemote on Win2K
Previous by thread: [FW1] Several Functional Questions
Next by thread: [FW1] Checkpoint Firewall Administrator/ Network Security Opportunities in Spain
Index(es):
- Date
- Thread