Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] 2nd external interface on FW

To: Ivan More <[email protected]>, [email protected]
Subject: Re: [FW1] 2nd external interface on FW
From: Rajeev Kumar <[email protected]>
Date: Thu, 4 Oct 2001 09:42:35 -0400
Cc: [email protected]
In-reply-to: <[email protected]>
References: <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

Ivan,
   Firewall license is based on either hostid or IP address of interface, 
usually external interface. You can use 2 interfaces as external interfaces 
even if your license is based on single interface. Firewall assume IP address 
of that interface as hostid for system. It is your Firewall policy that 
determines what is internal/external interface for practical purpose.

I think here you are trying to load balance/failover between two ISPs if that 
is the case my opinion is to use external router which can do all this and 
connect Firewall after this router. router will deal with all ISP quirks. But 
anyway if you are connecting Firewall directly to ISP(such as Nokia boxes 
etc.) then just define 2 default routes (one for each interface) and machine 
should be able to failover if one interface (i.e one ISP) is down. IN general 
I can forsee few operational problems here. As OS may be confused so does 
FW-1 when one interface suddenly disappears especially when you are using 
Encryption.

Thanks,
Rajeev

On Tuesday 02 October 2001 22:11, Ivan More wrote:
> Hi,
>
> We are running FW-1 ver 4.0 on an NT4 server.
>
> As our higher management wants redundancy to the
> Internet and suggested to have 2 External interfaces
> on the FW-1 ver 4.0 to 2 different ISP to provide
> redundancy?
>
> I do not think this is possible on FW-1 4.0.
>
> Is there such a licensing?
>
> Could someone provide or point me to such information
> as to whether it is possible?
>
> I need concrete information to convince them.
>
> Thanks in advance.
>
>
> Cheers,
> Ivan
>
> _______________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.ca address at http://mail.yahoo.ca
>
>
> ===========================================================================
>===== To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===========================================================================
>=====

-- 
********************************************************************
	Rajeev Kumar ([email protected])
		http://www.rajeevnet.com
********************************************************************
-- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey
********************************************************************
What's New on rajeevnet.com:
o Unix/Windows password Sync: 
    http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html
o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
    http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html
********************************************************************

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] 2nd external interface on FW
  - From: Ivan More <[email protected]>

Prev by Date: RE: [FW1] tired
Next by Date: Re: [FW1] Multilple T1's from different ISp's
Previous by thread: [FW1] 2nd external interface on FW
Next by thread: RE:[FW1] anti-spoofing
Index(es):
- Date
- Thread