[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Backup Links and Load balancing.
George, Joe et alii: While it's true that FW-1 doesn't NATIVELY speak IPX/SPX, it can certainly be configured to recognize the protocols and, of course, any specific ports (yes, it requires some tricky customization, but it IS possible). As far as the SAP traffic ... well, if you can isolate which servers and clients are involved, and set up static routes for those connections, you can force the SAP traffic through those routes. SAP is, for the most part, a FAIRLY well-behaved TCP application (although it may take a bit of "sniffing" to identify all of the ports involved), and can easily be allowed/restricted through judicious use of additional services/firewall rules and router access lists. W Earl Hartley -----Original Message----- From: Juppunov, George [mailto:[email protected]] Sent: Monday, August 20, 2001 9:42 PM To: 'Firewall-1 (Joe Voisin)'; 'FW1 List' Subject: RE: [FW1] Backup Links and Load balancing. Joe, I need further detail to make a final recommendation but here are a few pointers to start and a couple of questions. - CheckPoint does not speak IPX/SPX, nor does the Internet. - You can tunnel your Novell traffic depending on your transport choices (need more info). - If you have a heterogeneous network (IPX/SPX and TCP/IP traffic), you can split your protocol domains and route each one separately (IP across your VPN and IPX across your F/R). - You should be able to optimize your SAP traffic, however I need more info on your routers, routing protocols etc. - What do you mean by all other traffic vs. SAP traffic only? George -----Original Message----- From: Firewall-1 (Joe Voisin) [mailto:[email protected]] Sent: Monday, August 20, 2001 11:16 AM To: 'FW1 List' Subject: [FW1] Backup Links and Load balancing. I have a situation where I have 3 Checkpoint Firewall-1 Servers. Two are Management Consoles and one is just a module. Currently all sites have T1 Internet Access, but because they are in different countries, they are connected through dedicated circuits and not through the Internet. I have been asked to try and determine if there is a way that we can add redundancy to our network by allowing connectivity to the other firewalls through the Internet VIA VPN in case that the frame relay network goes down. Also, they are interested in offloading traffic to the Austrian network over the limited 32k frame relay. They would like to have SAP traffic go across the frame link (to reduce latency) and everything else goes across the Internet VPN link (more bandwidth, but has more lag). Has anyone done any type of load balancing across multiple links based on type of traffic? And how does one allow for redundant links? ===================================================================== Joseph Voisin, Systems and Network Administrator, Engel Canada Inc. www.engelmachinery.com | [email protected] |===================================================================== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== _____________________________________________________________________ IMPORTANT NOTICES: This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful. Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ------------------------------------------------------------------------------ This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|