NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Backup Links and Load balancing.



George, Joe et alii:

	While it's true that FW-1 doesn't NATIVELY speak IPX/SPX, it can
certainly be configured to recognize the protocols and, of course, any
specific ports (yes, it requires some tricky customization, but it IS
possible).  As far as the SAP traffic ... well, if you can isolate which
servers and clients are involved, and set up static routes for those
connections, you can force the SAP traffic through those routes.  SAP is,
for the most part, a FAIRLY well-behaved TCP application (although it may
take a bit of "sniffing" to identify all of the ports involved), and can
easily be allowed/restricted through judicious use of additional
services/firewall rules and router access lists.

									W
Earl Hartley

-----Original Message-----
From: Juppunov, George [mailto:[email protected]]
Sent: Monday, August 20, 2001 9:42 PM
To: 'Firewall-1 (Joe Voisin)'; 'FW1 List'
Subject: RE: [FW1] Backup Links and Load balancing.



Joe,

I need further detail to make a final recommendation but here are a few
pointers to start and a couple of questions.
- CheckPoint does not speak IPX/SPX, nor does the Internet.
- You can tunnel your Novell traffic depending on your transport choices
(need more info).
- If you have a heterogeneous network (IPX/SPX and TCP/IP traffic), you can
split your protocol domains and route each one separately (IP across your
VPN and IPX across your F/R).
- You should be able to optimize your SAP traffic, however I need more info
on your routers, routing protocols etc.
-  What do you mean by all other traffic vs. SAP traffic only?

George 


 -----Original Message-----
From: 	Firewall-1 (Joe Voisin) [mailto:[email protected]] 
Sent:	Monday, August 20, 2001 11:16 AM
To:	'FW1 List'
Subject:	[FW1] Backup Links and Load balancing.


I have a situation where I have 3 Checkpoint Firewall-1 Servers.  Two are
Management Consoles and one is just a module.

Currently all sites have T1 Internet Access, but because they are in
different countries, they are connected through dedicated circuits and not
through the Internet. 

I have been asked to try and determine if there is a way that we can add
redundancy to our network by allowing connectivity to the other firewalls
through the Internet VIA VPN in case that the frame relay network goes down.

Also, they are interested in offloading traffic to the Austrian network over
the limited 32k frame relay.  They would like to have SAP traffic go across
the frame link (to reduce latency) and everything else goes across the
Internet VPN link (more bandwidth,  but has more lag).

Has anyone done any type of load balancing across multiple links based on
type of traffic?  And how does one allow for redundant links?


=====================================================================
Joseph Voisin, Systems and Network Administrator, Engel Canada Inc. 
www.engelmachinery.com | [email protected] |=====================================================================




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


_____________________________________________________________________ 
IMPORTANT NOTICES: 
          This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.

         Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.

         BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the designated recipient(s) named above.  If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited.  This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers.  Email transmission cannot be guaranteed to be secure or error-free.  Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such.  All information is subject to change without notice.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.