[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] a little OT: Router/Firewall Issues
Well, as I said in my post, I'm not too familiar with the routing protocols, so I'm not usre about these things: 1. Can the firewall in question support these routing protocols? (That depends on the OS, I guess) 2. If not, can the internal router see that the link is down, even if it's "next hop" is up? I mean, if you have |rtr1| ---- |FW| --- |rtr2| --- |Internet| will rtr1 be able to see that the link from rtr2 to the Internet is down? Cheers, Anders :) -----Original Message----- From: Dan Hitchcock [mailto:[email protected]] Sent: 26. november 2001 17:56 To: [email protected] Subject: Re: [FW-1] Router/Firewall Issues Aren't we just talking about running a routing protocol here, as Anders suggested? Yes, you'll need to configure static routing (or use an internal routing protocol) to ensure that all devices on each subnet (including the firewalls) know how to get to the other subnet. In order to automate the failover, you'll need to use a routing protocol like EIGRP, BGP, or OSPF on your external router to detect the "down" connection and instruct your internal routers, A-1 or B-1, to use the T1 as default rather than the local firewall. Your internal clients will therefore need to use the internal routers as their default gateway (A-1 at siteA, B-1 at siteB). You may have best success passing BGP through your firewall. HTH - please post with further questions. Dan Hitchcock CCNP, CCSE, MCSE Security Analyst Breakwater Security Associates, Inc. "Safe Harbor for E-Business" dhitchcock (at) breakwatersecurity (dot) com http://www.breakwatersecurity.com <http://www.breakwatersecurity.com>work The information contained in this email message may be privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think you have received this email message in error, please email the sender at [email protected] =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|