I wasn't sure if the scenario described was either VRRP or some other mechanism.
Routing sounds fine but you're at the mercy of the convergence times of your
chosen routing protocol. Though this may be quite quick, I'd have thought it
was still going to be slow compared to the sort of solution that actively
monitors firewall state.
Regards
[EMAIL PROTECTED] on 24/07/2000 14:24:31
To: Simon Devlin/GB/ABNAMRO/NL@ABNAMRO
cc: [EMAIL PROTECTED]
Subject: RE: [FW1] HA options using physically separated Nokia IP440's
VRRP is based on a Multicast protocol, therefore, it can't be used for HA
on two different lans. I would imagine simple routing would be the best
failover mechnism for two separate geographic sites.
HC
[EMAIL PROTECTED] on 07/24/2000 08:54:52 AM
To: [EMAIL PROTECTED]
cc: (bcc: Harry Chu/SIAC)
Subject: RE: [FW1] HA options using physically separated Nokia IP440's
Miles,
Could you expand a little please! Do you mean with VRRP?
Regards
[EMAIL PROTECTED] on 24/07/2000 13:52:15
To: Simon Devlin/GB/ABNAMRO/NL@ABNAMRO,
[EMAIL PROTECTED]
cc:
Subject: RE: [FW1] HA options using physically separated Nokia IP440's
Have experience of this working over two sites. Auto fail-over works fine
and within good time limits.
Miles.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 24 July 2000 13:10
To: [EMAIL PROTECTED]
Subject: [FW1] HA options using physically separated Nokia IP440's
Hi all.
There's been quite a lot of traffic here recently about providing HA
designs
for environments using FW-1's based on NT or Unix flavours, either by using
software based products such as Rainwall or Stonebeat, hardware switches,
or
the
basic state sync approach.
What are the options for HA when using Nokia's? From what I have seen s/w
solutions don't cater for the Nokia's, and hardware (and VRRP) solutions
are
fine if the firewalls are in close proximity to each other, but what about
two
Nokia's, one each in each (distant) location - what then are the options
for
providing a reasonable level of fault tolerance?
Maybe the only option is to have a pair in each location making use of
VRRP?
This has some similarities I guess to the recent thread about dual-homing,
though this is on a private network rather than having to deal with ISP's.
Does anyone have any thoughts? Our integrator is coming in to discuss the
options, but forewarned is forearmed...
Regards
Simon
===========================================================================
=
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
=
====
===========================================================================
=====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
=====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
