NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] HA on NG

Well i dont agree with that. We are running 2 x ip520 with NG fr1 without "almost" any problems. Policy install tooks something like 10 sec for 20 rules.

well imo state sync works fine and you actually can set it up really easily ( 10 min ). Just waiting for fr2 to come so I can control witch services to sync.  only problem is

in this scenario that you just monitor physical errors.. no failover for checkpoint errors. any good solves ?

 

-Jani

 

-----Original Message-----
From: Aeon Hale [mailto:[email protected]]
Sent: 13. maaliskuuta 2002 23:22
To: [email protected]
Subject: Re: [FW-1] HA on NG

 

I just setup HA on 2 IP530s running NG.  The VRRP part of the Nokia's (IPSO 3.4.2) works great, BUT NG is very, very slow on IPSO.  Even local commands such as all "fw" commands are sluggish.  Pushing policy takes anywhere from 5-10 minutes.  Checkpoint/Nokia's response to these issues are "they are normal for NG and ipso, hope they will be corrected soon".  I did not like that answer, but unfortunately, i'm not going to go back to 4.1.  As far as the redundancy and state sync, everything seems to be working fine, but we have not gone into full scale production yet.

 

My opinion, stay away from NG and ipso for now.  But this is no concern for you since you are running stonebeat.  But NG as a whole, i have had issues.

-----Original Message-----
From: Abraham, Elliott [mailto:[email protected]]
Sent: Wednesday, March 13, 2002 3:20 PM
To: [email protected]
Subject: [FW-1] HA on NG

Anybody set this up yet and play with it?  Looking for pro's/con's.  I currently have an environment with 4.1/stonebeat as the HA.  Any tips on setup/config would be appreciated.

 

Thanks

 

L. Elliott Abraham, CISSP

BTSI Security Specialist

work

[email protected] - ipager

 

 

**************************************************************************************************************************************************

"The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers."


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.