hi, For failover you need a second/backup link. Moreover - you can configure Encryption on FW on FRelay.
Regards Rajveer > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [SMTP:[EMAIL PROTECTED] On Behalf Of Girard > Moussa > Sent: Friday, March 26, 2004 8:07 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] To VPN or not to VPN - that is the question... > > Dear All, > > Here goes: > > Scenario: Two Gateways, managed by same mgmt station. Connected via > frame relay, therefore traffic traversing in the clear. The gateways are > also connected to the internet. > > Requirement: Should the frame relay link go down, traffic should > traverse over the internet via a VPN tunnel. This has to be done > automatically without any changes during the failover. > > Question: How is that possible or is it even possible? I can configure > dynamic routing and route the traffic through the internet interface, > but how can I have the rulebase configured to understand when to send it > in clear text and when encrypt it? The communication will always be > between the encryption domains i.e. encryption will try to take place > every time with simplified VPN. I cannot have a VPN up on the frame > relay since there already are other VPN tunnels configured on the > internet interface with other sites and as you all know, you can have as > many tunnels as you want as long as you use only one interface at a time > :) > > Thanks in advance. > > Regards, > Girard Moussa > > __________________________________________________________________________ > _____________ > This email (and attachements) may contain privileged / confidential > information. > If you are not the addressee (or responsible for delivery of this > message) any use, > forwarding, printing or copying of this email is strictly prohibited. In > such case, you > should destroy this message and kindly notify the sender. Opinions, > conclusions > and other information in this message that do not relate to the official > business of > Advance Vision Technology (Aust) Pty Ltd shall be understood as neither > given > nor endorsed by it. > __________________________________________________________________________ > ______________ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
