Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] statefull failover for NG AI across

To: [email protected]
Subject: [FW-1] statefull failover for NG AI across
From: "Hennessy, Robert" <[email protected]>
Date: Tue, 4 Nov 2003 12:38:40 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

I'm upgrading from 4.1 -> AI for many pairs of firewalls but I have an issue
with the statefull failover for my only geographically distributed pair.

Requirements: failover using dynamic routing and statefull connection to the
vendor without a common subnet for sync 
* firewall A in Toronto syncs with firewall B in NY.   fw-A -> WAN -> fwB


current setup in 4.1, it's a little non-standard
We have a vendor that's connected using Toronto as the primary and NY for
backup.
When the dynamic routing from Toronto is lost then the higher metric path
from NY is taken.
The through put is small allowing the firewalls to sync using the internal
interfaces and connect across a wan connection.

In 4.1 this is possible due to the low throughput and the fact any ip
address could be put into the sync file.

In NG they are using a broadcast ip so it's a little different.

Any Ideas??
Nokia Clustering with Multicast is not an option because I need dynamic
routing.
would a vpn tunnel work between them?

I have support working to see if this is possible in NG AI.

Thanks in advance
Rob



<font face="Times New Roman" size="3">
<p>------------------------------------------------------------------------------</p>
<p> This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.</p>
<p> Ce courriel est confidentiel et protégé. L'expéditeur ne renonce pas aux droits et obligations qui s'y rapportent. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le (les) destinataire(s) désigné(s) est interdite. Si vous recevez ce courriel par erreur, veuillez m'en aviser immédiatement, par retour de courriel ou par un autre moyen.</p>
<p>====================================================</p>
</font>


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Upgrading to Secure Plataform FP4 from Secure Plataform FP3
Next by Date: [FW-1] AW: [FW-1] Upgrading to Secure Plataform FP4 from Secure Plataform FP3
Previous by thread: Re: [FW-1] Upgrading to Secure Plataform FP4 from Secure Plataform FP3
Next by thread: [FW-1] AW: [FW-1] Upgrading to Secure Plataform FP4 from Secure Plataform FP3
Index(es):
- Date
- Thread