[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Nokia clustering
Wally, As suggested in Nokia docummentation, you should use a switch in an IP Clustering environment in order to avoid problems in the case that one of the firewalls fails. Daniel -----Original Message----- From: Wally Hughes [mailto:[email protected]] Sent: quinta-feira, 24 de julho de 2003 13:18 To: [email protected] Subject: Re: [FW-1] Nokia clustering I'd definitely use a separated network. One environment I'd setup we used a mangement network (management server was on it, and some other security servers). We tested this for a while, and it worked ok, but we later switched it to a dedicated interface using a crossover cable. This was all while the environment was in testing, and there never was any major traffic going through the firewalls. Another advantage to the dedicated sync is all you have is a cable. No hub or switch to fail (or power loss) and cause your sync to fail. Wally --- Mitchell Rowton <[email protected]> wrote: > > > In the IPSO documentation you can read that > Nokia recommends that > the two > > > cluster protocol networks are dedicated. Has > anybody experiences > with > > > cluster networks not being dedicated, i.e. > sharing with FW-1 sync > network > > or > > > with a real production network? > > I know of one very large company who brought down > their website because > the sync network was not on a dedicated interface > (large amount of > state sync information). Depending upon the traffic > this may not be a > problem for you. If you do decide not to use a > dedicated interface for > sync, defiantly attempt this after production hours, > and monitor it > closely afterwards. But the IPSO documentation > should be followed if > possible. > > > Mitchell > > ____________________________________________________ > http://www.attackprevention.com > Information Security documents, articles, and policy > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|