Without using a dynamic routing protocol you would be forced to run a long distance VRRP connection to make both firewalls exist in a HA cluster.
Long distance bridged connections general cause problems with latency that affect state synchronization. If you must use static routing then you will be forced to bridge your two firewalls together and build a HA cluster. Not good. Better to bite the bullet and go to dynamic routing. Advertize a NATed range to your partner and fail over by routing to your alternate site. Better still, advertise two ranges. One production, one contingency and that way you can always test contingency without affecting production systems. Mike Hawkins -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, FeEbruary 25, 2005 4:59 PM To: [email protected] Subject: [FW-1] High Avalability Question All I have 2 sites Production and DR. Currently my production site has a firewall back to bank to another firewall (our partner) and all routing is static. I am in a middle of building a DR site and would like to have the same functionality and be able to fail over with out manual intervention, still keeping static routing from the firewall to our partner. Internal Network has static routes for partners network is available via VRRP address of the firewall. Internally i am running OSPF. any one here has done this ? or have any suggestions ? ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------------- The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient please notify the sender immediately; you should not retain this message or disclose its content to anyone. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. For more information about the Collins Stewart Tullett group of companies please visit the following web site: www.cstplc.com ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -------------------------- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
