I run multiple clusters of Compaq/HP Redhat 7.2 NG FP3 and
multiple clusters of Sun SPARC 4.1 firewalls and have had no problems
with either. The performance of the Redhat is great depending on the
hardware being used, the type of network card makes the biggest
difference. Availability is equal, outside of the patches the servers
and firewall software the servers have not had to be rebooted once; if
they do need to be rebooted this is were your clusters come into play
both HA and Load Sharing.
If you are going to use SPLAT then you need to make sure that
your NIC's and RAID controllers are supported (Last time I checked SPLAT
only used the bcm5700 driver which I have had problems with on Compaq
multi-proc machines) if not I would suggest just running a hardened
version of Redhat 7.2 (i.e. Stripped to the bone and patched), running
the systems in this fashion will give you more options as far as
compiling required drivers since I have not seen a source release of the
Checkpoint compiled kernel for SPLAT.
I have run into issues were the Compaq gear (DL560G2,DL360G2/G3)
will not support the stated amount of interface running under Redhat 7.2
2.4.9-31, I have been unable to find a workaround to this. I have
tested both HA and Load Sharing but opted to go with a 3rd party product
instead of ClusterXL which in my opinion is not very good under FP3.
Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services
-----Original Message-----
From: Security Guy [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 8:46 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] [FW1] making the switch -nokia to servers-
We are thinking of making the switch from Nokias [ip 440's] to running
our firewall using secure platform on Intel hardware. In theory it
sounds great, and of course the salesman made it sound like an easy
transition. But I'm wondering if their are any hidden gotchas?
We are a Compaq/HP shop so we would have dual DL 380s with a 2 Ghz or
higher CPU / 40 gig hard drive and 1-2 Gig of ram.
Such as:
1. Is secure remote as stable and robust as a comparable Nokia
appliance?
2. Almost a repeat of 1, how about uptime? are they rock-solid?
3. Just how easy is the patching? i.e., updating to the latest feature
pack?
4. NG question, is the VPN client or firewall support better than 4.1?
5. Any noticeable increase in overall throughput?
6. Any problems support multiple Nics? is there a limit on the number of
interfaces?
7. Just how good is the built in IDS, does it compare at all to ISS
->Realsecure?
8. How does the web interface compare to "voyager
9. Is HA better, or worse than VRRP?
I'm just a little leary moving away from the Nokias, they have been rock
solid for us. We are working on 300 plus days of uptime. We've had one
harddrive failure in 3 yrs but other than that they have been very good
to us. To switch or not, that is the question.
Thanks
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
