Pere,
OS patches aren't a big problem if you have to install them...
Because it's a cluster you can remove one node out of the
cluster and install the patches... reboot the system and
put it back in it's cluster... ofcourse do this in the hours
when the load is at it's lowest because otherwise the other
systems in the cluster may get it too busy....
Administration of the cluster is real easy... one important
thing to do is install a management station in your cluster
(preferred not to use this management station as a member
of the firewall cluster). With this management station you
have one rulebase to administrate. You just push the
rulebases to the nodes in the cluster.
Be sure to have enough diskspace on your management
station because in a seperate management / firewall module
solution all the logging is send to the management station...
So you can view all the logging on the management station...
If you want more specific information contact me off list...
Regards,
Brenno
> -----Original Message-----
> From: Pere Camps [SMTP:[EMAIL PROTECTED]]
> Sent: donderdag 21 juni 2001 0:46
> To: Hiemstra, Brenno
> Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: Checkpoint FW-1 & ATM performance degradation
>
> Brenno,
>
> > Maybe build a firewall cluster with Stonebeat and Firewall -1 if you
> > run your systems on Solaris or NT (would not recommend NT though).
> > You can scale your cluster to make a more load balanced / load sharing
> > firewall solution then just one system firewall
>
> That's the option I'm thinking off. However, I'm worried that I might have
> to put 3 firewalls in there as the bandwith would be too big. The guys
> that I work with reckon that with our "standard" firewall-1 build, the
> machines can only handle 60 Mbps... and I'll need to put three of those to
> achieve 155 Mbps. That's a lot of admin work compared with, as you say,
> the PIXes. There there's only 1 conf to do, no OS to patch, etc, etc,
> etc...
>
> -- p.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
