----- Original Message -----
Sent: Thursday, May 02, 2002 10:32
AM
Subject: Re: [FW-1] Nokia & ISP
Load Balance
The main problem you will encounter is that your VRRP
traffic would have to pass over the internet for the boxes to detect each
others' failures on the serial interface. In other words, no, it won't
work (at least, not how you hope :)
A pair of routers running HSRP and iBGP/eBGP will work, as
would a pair of LinkProofs (need 2 of them to maintain true HA at all points
in your environment) or similar load-balancing device.
HTH
Dan Hitchcock
CCNP CCSE MCSE
Security Operations Technical Lead
Breakwater Security Associates, Inc.
"Safe
Harbor for Your Business"
dhitchcock (at)
breakwatersecurity (dot) com
http://www.breakwatersecurity.com
work
-----Original Message-----
From:
McCracken Peter [mailto:[email protected]]
Sent: Thursday, May 02, 2002 3:49 AM
To: [email protected]
Subject: [FW-1] Nokia & ISP Load Balance
Hi All,
I have a moderate amount of experience with firewalls and
have worked
with a number of HA solutions including
Nokia setups and Sun coupled with
Stonebeat...
The majority of these solutions use the traditional ISP
connection, router,
dual firewall setup.
I want to develop a solution using dual 2mb ISP connections
that are load
balanced. From the
information I have been able to pull off the net and also reading
through
the archives of mailing
lists, the normal way to do this is using two Cisco routers
configured with
iBGP and eBGP
and dual firewalls. Fair enough.
But I have been looking at the Nokia solutions recently, and
I like the idea
of being able to
clunk my Firewall directly into the X21 connection from my leased
line modem
thus removing
the
need for the standard internet router...
What I am wondering is, if it is possible to setup two Nokia
650's each
connected directly to a
different 2mb link and provide load balancing and HA between them
for
inbound and outbound traffic...
What I need to know is
(a) Is this possible.
(b) Is it a
good idea.
(c) Anywhere I might find sample diagrams
/ configs / information about
doing this....
My attemp at a diagram below will hopefully illustrate what
I am talking
about.
2Mb Conneciton
1
2mb Connection 2
!
!
!
!
!
!
******************
****************
* Nokia
650
*
* Nokia 650 *
******************
****************
!
!
!
!
!
!
====================================
Corporate LAN
====================================
I would be grateful for any pointers or suggestions about
how I could
achieve
load
balancing across the two links.
Best Regards, Peter.
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set
fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please
see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================