Can anyone give me the benefit of their experience regarding redundant
management. Dealing with a worldwide implementation of Checkpoint
Firewalls and the customer is concerned with having redundant management servers
in the case that a connection goes down between the management server and the
remote module(s).
Desired functionality ===============
Redundant Management Options
For Example:
*************** Primary Management Server in USA is
up and running. Secondary Management Server in London is
up and running. Wide area connections between London and
USA goes down. Primary Management Server can no longer
communicate with London firewalls. Secondary Management
Server in London can still access and manage firewalls in
London. I would just like to say that I am looking for
the various model/architecture options which may provide the desired
result.
I understand that the remote module will continue to
function normally without the managements server ever coming back
online.
Having two enterprise management servers seems possible and the
only issue would be making sure the rulebase, nat, etc are all up to
date.
I was also looking into Provider-1. I think I could make it
do what I want, but it seems designed for a different set of
circumstances.
Regards Bill
|