NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Nokia & Checkpoint - stateful failover?



We've got two Nokia 530 platforms running FW-1 v4.1 in a failover configuration with VRRP.
 
This is a managed service that we've outsourced.
 
Our managed service provider says that the failover is stateful - all session information is maintained on both platforms.
 
In testing we have reason to believe that the stateful session information is either not current or not being passed; that failover is non-stateful.
Testing included FTP file transfers which broke during a failover test...
 
Our provider mentioned an additional protocol that is used to pass session state information, as VRRP is not designed for stateful failover.
 
 
Can somebody please point me to a URL or explain the stateful failover capability of FW-1 v4.1 (prefer an implementation on Nokia)?
 
 
If this configuration can in fact provide a stateful failover capability, any reason why FTP transfers would fail during a failover event?  If the session info is updated to the alternate platform from the primary, we would expect to see the transfer continue (maybe a few TCP retransmissions at most).  I saw something about a 50ms SYNC interval, but I don't believe that would be a problem.
 
Bonus question: if FW-1 (or Nokia) has its own protocol for session updates to share state information, why need VRRP to detect a failure?
 
Thanks,
 
-Rob Patrick


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.