
Re: [FW-1] a little OT: Router/Firewall Issues



Well, as I said in my post, I'm not too familiar with the routing
protocols, so I'm not sure about these things:

1. Can the firewall in question support these routing protocols?
   (That depends on the OS, I guess)
2. If not, can the internal router see that the link is down,
   even if its "next hop" is up?
   I mean, if you have
     |rtr1| ---- |FW| --- |rtr2| --- |Internet|
   will rtr1 be able to see that the link from rtr2 to
   the Internet is down?

Cheers,
Anders :)


-----Original Message-----
From: Dan Hitchcock [mailto:[email protected]]
Sent: 26. november 2001 17:56
To: [email protected]
Subject: Re: [FW-1] Router/Firewall Issues



Aren't we just talking about running a routing protocol here, as Anders
suggested?  Yes, you'll need to configure static routing (or use an internal
routing protocol) to ensure that all devices on each subnet (including the
firewalls) know how to get to the other subnet.  In order to automate the
failover, you'll need to use a routing protocol like EIGRP, BGP, or OSPF on
your external router to detect the "down" connection and instruct your
internal routers, A-1 or B-1, to use the T1 as default rather than the local
firewall.  Your internal clients will therefore need to use the internal
routers as their default gateway (A-1 at siteA, B-1 at siteB).  You may have
best success passing BGP through your firewall.

HTH - please post with further questions.

Dan Hitchcock
CCNP, CCSE, MCSE
Security Analyst
Breakwater Security Associates, Inc.
"Safe Harbor for E-Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

The information contained in this email message may be privileged,
confidential and protected from disclosure.  If you are not the intended
recipient, any dissemination, distribution or copying is strictly
prohibited.  If you think you have received this email message in error,
please email the sender at [email protected]

   All contents © 2004 Network Presence, LLC. All rights reserved.