Shawn,
Off the top of my head, why not setup two Websense boxes and
reference them through a virtual IP? The your fw can still see the
'one' system, but there will be more than one for HA.
I don't know Websense, so I don't know if these systems
connect to the firewall(s) which might throw a wrench into the mix.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Shawn Chandler <[EMAIL PROTECTED]> 6/8/00 5:42:10 PM >>>
>
>Hey folks...
>
>I'm in the middle of designing a high-availability Firewall-1 solution for
>a client. So far what I've got is two Sparc based machines running
>CP2000 and Stonesoft FullCluster with an NT management server.
>One of the requirements for the project is that WebSENSE for FW-1
>run and be redundant is some fashion. Since I can only specify my
>UFP resource to one server (and there is no redundancy capability
>built into WebSENSE) it would require me to modify my ruleset if
>one of the firewalls failed (the WebSENSE daemon will be running on
>both of the firewalls).
>
>Does anyone know of a way around this? I've thought about loading
>WebSENSE on a seperate machine but this still gives me a single
>point of failure. Any suggestions would be greatly appreciated. TIA!
>
>Shawn
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
