On the Nokia's it is a piece of cake. The IPSO operating system supports that natively. If you have access to the Nokia support site search the knowledgebase for VRRP & VRRP Monitored Circuits.
Solaris is probably going to be the same as I have found for Linux. You need a 3rd party HA solution. Here is what I have found:
Stonebeat - most CP resellers offer this, it provides HA & Load balancing
Costs $10k-$13k (quote was for 2 HA Linux FW's) Most of the comments I have heard have been positive.
Rainwall - haven't found a reseller that supports yet.
HA costs ~$5k, load balancing another $5k. Don't know of any installed to see how it works.
CheckPoint - very new, VAR's I spoke to hadn't tried yet.
Costs $10k for HA, load balancing not offered
We are looking for 2- 1u ha Firewalls so we are going to use Nokia IP330's. The cost of the HA software pays for the hardware. I got quotes for Nokia including hardware and for a Linux solution, software only and the Nokia was ~$700 cheaper. I just wish the Nokia's had 2 CPCI slots. One for additional ethernet ports and 1 for adding an encryption card if necessary later. For us an IP440 or IP650 wasn't an option because of limited space & power available at our colocation site. (the more space & power used by firewalls, less for www servers...)
We would have gone with the Nokia solution even if it wasn't cheaper. My comfort level with Nokia is much higher and this way we get support for 1 place for hardware, FW1 & HA instead of 3 different vendors.
There are several opensource HA projects but none of them are focused on routers/firewalls and none of them seem ready for a production environment yet.
This is just what I have found doing research & watching the list. The only HA solution I have actual experience with is Nokia.
-PaulK
*********************************************
Paul Keser
Network Security Engineer
[EMAIL PROTECTED]
tel: 415.351.4037
fax: 415.474.6017
ShopExpert.com
1375 Sutter Street, Suite 400
San Francisco, CA 94109
*********************************************
> -----Original Message-----
> From: Allison, Mark [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 09, 2000 11:19 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] HA solution
>
>
>
> We are running several CKPFW 4.0 firewalls on Solaris 2.6 and
> Nokia. None
> are HA currently. We need to upgrade and add HA
> functionality. With ease
> of configuration, support & mgmt, and the learning curve in
> mind, I would
> appreciate any practical experience comparisons between the two.
>
> Thank you.
>
> Mark Allison
> > 702-893-1646 voice
> > mailto:[EMAIL PROTECTED]
> >
> >
> >
> >
> >
> >
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
