Well i dont agree with
that. We are running 2 x ip520 with NG fr1 without "almost" any
problems. Policy install tooks something like 10 sec for 20 rules.
well imo state sync works
fine and you actually can set it up really easily ( 10 min ). Just waiting for
fr2 to come so I can control witch services to sync. only problem is
in this scenario that you
just monitor physical errors.. no failover for checkpoint errors. any good
solves ?
-Jani
-----Original
Message-----
From: Aeon Hale
[mailto:[email protected]]
Sent: 13. maaliskuuta 2002 23:22
To:
[email protected]
Subject: Re: [FW-1] HA on NG
I just setup HA on 2 IP530s running NG. The VRRP part of the
Nokia's (IPSO 3.4.2) works great, BUT NG is very, very slow on IPSO. Even
local commands such as all "fw" commands are sluggish. Pushing
policy takes anywhere from 5-10 minutes. Checkpoint/Nokia's response to
these issues are "they are normal for NG and ipso, hope they will be
corrected soon". I did not like that answer, but unfortunately, i'm
not going to go back to 4.1. As far as the redundancy and state sync,
everything seems to be working fine, but we have not gone into full scale
production yet.
My opinion, stay away from NG and ipso for now. But this is
no concern for you since you are running stonebeat. But NG as a whole, i
have had issues.
-----Original Message-----
From: Abraham, Elliott
[mailto:[email protected]]
Sent: Wednesday,
March 13, 2002 3:20
PM
To:
[email protected]
Subject: [FW-1] HA on NG
Anybody set this up yet
and play with it? Looking for pro's/con's. I currently have an
environment with 4.1/stonebeat as the HA. Any tips on setup/config would
be appreciated.
Thanks
L. Elliott Abraham, CISSP
BTSI Security
Specialist
work
[email protected]
- ipager
**************************************************************************************************************************************************
"The
information transmitted is intended only for the person or entity to which it
is addressed and may contain confidential, proprietary, and/or privileged
material. Any review, retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by persons or entities other
than the intended recipient is prohibited. If you received this in error,
please contact the sender and delete the material from all computers."