[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] High Availability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A company called Top Layer has a really cool switch that allows you to sandwich multiple firewalls for load-balancing. You might want to check that out. Regards, Patrick Ethier [email protected] - ----- Original Message ----- From: "Roelandts, Guy" <[email protected]> To: <[email protected]> Sent: Wednesday, October 24, 2001 3:13 AM Subject: Re: [FW-1] High Availability > Not true, > > HA = 1 stand bye machine + 1 active > > What you describe as HA is LB (Load Balancing) > > In the case of CheckPoint it's really HA, one active one stand bye, how > would two systems be able to answer queries then having the same Unicast > MAC Address/IP Address ?? > > Met vriendelijke groeten - Bien à vous - Kind regards > > Guy ROELANDTS > EMEA GS Internet Expertise Centre - CCSA & CCSE > Compaq Software Engineer - Belgium > E-mail : [email protected] > Tel: +32(02)729.77.44 (options 3 - 3 - 1) > Fax: +32(02)729.77.65 > > ===================================================================== > This message may contain confidential and/or proprietary information, > and is intended only for the person/entity to whom it was originally > addressed. The content of this message may contain private views and > opinions which do not constitute a formal disclosure or commitment > unless specifically stated. Should you receive this message by mistake > please inform the sender immediately. > ===================================================================== > > > > -----Original Message----- > From: Rameen Tabatabaian [mailto:[email protected]] > Sent: Tuesday, October 23, 2001 10:31 PM > To: [email protected] > Subject: Re: [FW-1] High Availability > > > Sounds like you are doing failover not HA, in HA all boxes are in Active > mode, whereas in failover, there is a primary in Active and a secondary in > Standby. However, HA may mean different things in marketing terms. > > re # 3 - sounds like you are proxy arping b/c due to using IP's on your > static nats from the uplink subnet that your ext interface belongs to. If > you're using VRRP for your failover method, use the VRRP mac as the proxy > arp mac for your inbound static nats and make sure you configure on both the > pri and the sec. Also, make sure you set the the nat's as being active (in > the vrrp sense) on the pri and standby on the sec or else the sec will > contend/compete for traffic against the pri and you will have connectivity > issues for your inbound nats. > > > > -----Original Message----- > From: Toth, David [mailto:[email protected]] > Sent: Tuesday, October 23, 2001 8:01 AM > To: [email protected] > Subject: Re: [FW-1] High Availability > > > 1. I think its the secondary firewall, but could be both. > 2. You configure what makes it failover. > 3. Not sure what you're asking. > 4. I have the Checkpoint HA product on NG and it is working great! Words > can't explain how happy I am with the product, so far. Let me know what you > find out. > > Dave in Cleveland. > > > -----Original Message----- > From: Scott Kellerman [mailto:[email protected]] > Sent: Monday, October 22, 2001 4:33 PM > To: [email protected] > Subject: [FW-1] High Availability > > > We are in the process of testing Check Points High Availability. We are > running on ver. 4.1, on sun sparc 10, running Solaris 7. I have 3 > questions... > > 1. Which machine monitors the primary firewall to see if it has failed ? is > it the management station, or the secondary firewall ? > > 2. We have several DMZ's off a quad card on the firewall. If only one of > those legs fail, does it fail over ? > > 3. In the DMZ's we support several web sites, and must set up ARP's in a > start up script so IP's of the web sites are taken by the firewall. Can we > be running the ARP's on both the Primary and Secondary firewalls without > both machines wanting to take the request, or do we need to manually run the > ARP's after the fail over ? > > Also, can I get some feed back from the people who have tried checkpoints > High Availability solution....good or bad ? > > Thank you very much > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBO9ccBo1wMhK2NAClEQKIxwCg4t2iEZQ1etd3+MY7s5u5ok7HK+AAmwSl AkOwCzFospRoj9nKQaLHEKYD =K28o -----END PGP SIGNATURE----- =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|