Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] High Availability

To: [email protected]
Subject: Re: [FW-1] High Availability
From: "Roelandts, Guy" <[email protected]>
Date: Wed, 24 Oct 2001 08:13:38 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Not true,

  HA = 1 stand bye machine  + 1 active

  What you describe as HA is LB (Load Balancing)

  In the case of CheckPoint it's really HA, one active one stand bye, how
 would two systems be able to answer queries then having the same Unicast
 MAC Address/IP Address ??

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

=====================================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
=====================================================================



-----Original Message-----
From: Rameen Tabatabaian [mailto:[email protected]]
Sent: Tuesday, October 23, 2001 10:31 PM
To: [email protected]
Subject: Re: [FW-1] High Availability


Sounds like you are doing failover not HA, in HA all boxes are in Active
mode, whereas in failover, there is a primary in Active and a secondary in
Standby.  However, HA may mean different things in marketing terms.

re # 3 - sounds like you are proxy arping b/c due to using IP's on your
static nats from the uplink subnet that your ext interface belongs to.  If
you're using VRRP for your failover method, use the VRRP mac as the proxy
arp mac for your inbound static nats and make sure you configure on both the
pri and the sec.  Also, make sure you set the the nat's as being active (in
the vrrp sense) on the pri and standby on the sec or else the sec will
contend/compete for traffic against the pri and you will have connectivity
issues for your inbound nats.



-----Original Message-----
From: Toth, David [mailto:[email protected]]
Sent: Tuesday, October 23, 2001 8:01 AM
To: [email protected]
Subject: Re: [FW-1] High Availability


1. I think its the secondary firewall, but could be both.
2. You configure what makes it failover.
3. Not sure what you're asking.
4. I have the Checkpoint HA product on NG and it is working great! Words
can't explain how happy I am with the product, so far. Let me know what you
find out.

Dave in Cleveland.


-----Original Message-----
From: Scott Kellerman [mailto:[email protected]]
Sent: Monday, October 22, 2001 4:33 PM
To: [email protected]
Subject: [FW-1] High Availability


We are in the process of testing Check Points High Availability.  We are
running on ver. 4.1, on sun sparc 10, running Solaris 7.  I have 3
questions...

1. Which machine monitors the primary firewall to see if it has failed ? is
it the management station, or the secondary firewall ?

2. We have several DMZ's off a quad card on the firewall.  If only one of
those legs fail, does it fail over ?

3. In the DMZ's we support several web sites, and must set up ARP's in a
start up script so IP's of the web sites are taken by the firewall.  Can we
be running the ARP's on both the Primary and Secondary firewalls without
both machines wanting to take the request, or do we need to manually run the
ARP's after the fail over ?

Also, can I get some feed back from the people who have tried checkpoints
High Availability solution....good or bad ?

Thank you very much

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1] High Availability
  - From: Patrick Ethier <[email protected]>

Prev by Date: Re: [FW-1] Upgrade 4.1 to NG
Next by Date: Re: [FW-1] Upgrade 4.1 to NG
Previous by thread: Re: [FW-1] High Availability
Next by thread: Re: [FW-1] High Availability
Index(es):
- Date
- Thread