[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] High Availability
Not true, HA = 1 stand bye machine + 1 active What you describe as HA is LB (Load Balancing) In the case of CheckPoint it's really HA, one active one stand bye, how would two systems be able to answer queries then having the same Unicast MAC Address/IP Address ?? Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 ===================================================================== This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately. ===================================================================== -----Original Message----- From: Rameen Tabatabaian [mailto:[email protected]] Sent: Tuesday, October 23, 2001 10:31 PM To: [email protected] Subject: Re: [FW-1] High Availability Sounds like you are doing failover not HA, in HA all boxes are in Active mode, whereas in failover, there is a primary in Active and a secondary in Standby. However, HA may mean different things in marketing terms. re # 3 - sounds like you are proxy arping b/c due to using IP's on your static nats from the uplink subnet that your ext interface belongs to. If you're using VRRP for your failover method, use the VRRP mac as the proxy arp mac for your inbound static nats and make sure you configure on both the pri and the sec. Also, make sure you set the the nat's as being active (in the vrrp sense) on the pri and standby on the sec or else the sec will contend/compete for traffic against the pri and you will have connectivity issues for your inbound nats. -----Original Message----- From: Toth, David [mailto:[email protected]] Sent: Tuesday, October 23, 2001 8:01 AM To: [email protected] Subject: Re: [FW-1] High Availability 1. I think its the secondary firewall, but could be both. 2. You configure what makes it failover. 3. Not sure what you're asking. 4. I have the Checkpoint HA product on NG and it is working great! Words can't explain how happy I am with the product, so far. Let me know what you find out. Dave in Cleveland. -----Original Message----- From: Scott Kellerman [mailto:[email protected]] Sent: Monday, October 22, 2001 4:33 PM To: [email protected] Subject: [FW-1] High Availability We are in the process of testing Check Points High Availability. We are running on ver. 4.1, on sun sparc 10, running Solaris 7. I have 3 questions... 1. Which machine monitors the primary firewall to see if it has failed ? is it the management station, or the secondary firewall ? 2. We have several DMZ's off a quad card on the firewall. If only one of those legs fail, does it fail over ? 3. In the DMZ's we support several web sites, and must set up ARP's in a start up script so IP's of the web sites are taken by the firewall. Can we be running the ARP's on both the Primary and Secondary firewalls without both machines wanting to take the request, or do we need to manually run the ARP's after the fail over ? Also, can I get some feed back from the people who have tried checkpoints High Availability solution....good or bad ? Thank you very much _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|