On Wed, Aug 09, 2000 at 01:55:13PM -0500, Jarmoc, Jeff wrote:
> Unless I'm missing something, each of the firewalls has a separate valid
> routable internet IP.  Sessions originated by them would have their IP in
> the source field, and therefore responses would come back to that particular
> firewall.  What I'd be more worried about is how sessions which are
> initiated outside (say http requests, SMTP traffic, etc) would be balanced
> across walls.  I'm sure someone on this list can address that.

We are not NATting on the firewalls. So no, the firewalls
won't replace the SRC address in the packets. The edge router
will use its routing table to send the packets back. The
routing table will point to one firewall or the other, not
both. So half the packets returning to the originator of the
session will go through the wrong firewall.

Unless I'm terribly mistaken, I think the design I was
looking to do is only valid if the firewalls are NATing with
their outside interface's address.

If no NAT is setup, you need a Fireproof on each side.

> -----Original Message-----
> From: Charles M. Gagnon [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2000 1:10 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Fw-1 w/ Radware Fireproof
> 
> 
> 
> I couldn't find a fireproof mailing list per se so I figured
> someone on this list might know. We currently use two
> CheckPoint FW-1 boxes (Sun) and we fail over using OSPF. I'm
> interested in implementing Load-balancing using Radware's
> Fireproof box but I have one question left. In the proposed
> design:
> 
>                          b.10    c.10
>                          -----FW1-----        
>     a.1   a.2      b.1   |           |    c-1
> ROUTER-----FireProof-----|           |----Edge Router
>                          |           |        
>                          -----FW1-----        
>                          b.20    c.20
> 
> I understand how the _outbound_ traffic would be load
> balanced. What I would like to know is how am I sure that the
> *returning* traffic from open sessions, will go back the
> firewalls that originated them.
> 
> This is clearly advertised as a valid design by Radware but
> I'm not sure how this would happen. In other words, I start a
> telnet session from the inside to the outside. By the
> algorithm, it ends up going out through the bottom FW box.
> What do I do to make sure the return traffic of this session will
> also get to the bottom FW box?
> 
> Thanks.
> 
> -- 
> Charles Gagnon                   | My views are my views and they
> http://unixrealm.com             | do not represent those of anybody
> [EMAIL PROTECTED]           | but me.
> 
>    To err is Human, to forgive is against Departmental Policy!
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Charles Gagnon                   | My views are my views and they
http://unixrealm.com             | do not represent those of anybody
[EMAIL PROTECTED]           | but me.

   If a parsley farmer is sued do they garnish his wages?
        -- Dennis Miller

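To make the return-path argument in the reply above concrete, here is a small added simulation (not code from the thread, from Check Point or from Radware). It models two stateful firewalls between an inside load balancer and an edge router, spreads outbound sessions over the firewalls, and then lets the edge router route the replies back by its routing table alone. Three scenarios are compared: no NAT, source NAT to each firewall's outside address (c.10 / c.20 from the diagram), and no NAT but a second flow-aware balancer on the outside. The round-robin choice, the inside client address and the server address are constructed assumptions; the firewall behaviour (independent state tables, drop anything without matching state) is the part that matters.

```python
"""Toy model of the return-path problem: asymmetric routing through two
stateful firewalls that do not share state. Added example; all addresses
and the round-robin algorithm are constructed assumptions."""
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    def reply(self):
        """The server's answer: addresses and ports swapped."""
        return Packet(self.dst, self.src, self.dport, self.sport)


class StatefulFirewall:
    """Permits outbound flows, records them, and accepts an inbound packet
    only if it matches a flow this particular box has seen."""

    def __init__(self, name, outside_ip, nat):
        self.name, self.outside_ip, self.nat = name, outside_ip, nat
        self.flows = set()

    def outbound(self, pkt):
        if self.nat:  # hide the client behind this box's own outside address
            pkt = Packet(self.outside_ip, pkt.dst, pkt.sport, pkt.dport)
        self.flows.add(pkt)
        return pkt

    def inbound(self, pkt):
        # Drop unless the reversed tuple is a flow we set up ourselves.
        return pkt.reply() in self.flows


class EdgeRouter:
    """Plain routing: a packet addressed to a firewall's own outside address
    goes to that firewall; anything else follows the single static route
    towards the inside network (assumed to point at FW1)."""

    def __init__(self, firewalls, default):
        self.by_ip = {fw.outside_ip: fw for fw in firewalls}
        self.default = default

    def next_hop(self, pkt):
        return self.by_ip.get(pkt.dst, self.default)


class FlowAwareBalancer:
    """Outside-side balancer that remembers which firewall each outbound
    flow used and steers the reply back to it (the 'FireProof on each
    side' option mentioned in the reply)."""

    def __init__(self):
        self.table = {}

    def learn(self, pkt, fw):
        self.table[pkt] = fw

    def next_hop(self, pkt, fallback):
        return self.table.get(pkt.reply(), fallback)


def simulate(n_sessions, nat, outside_balancer=False):
    """Run n telnet sessions from one inside host; return a list of
    (firewall used outbound, firewall the reply reached, reply accepted)."""
    fw1 = StatefulFirewall("FW1", "c.10", nat)
    fw2 = StatefulFirewall("FW2", "c.20", nat)
    edge = EdgeRouter([fw1, fw2], default=fw1)
    outer = FlowAwareBalancer() if outside_balancer else None
    rr = cycle([fw1, fw2])  # assumption: inside balancer is round-robin
    results = []
    for sport in range(40000, 40000 + n_sessions):
        # constructed inside client and outside telnet server
        pkt = Packet("10.0.0.5", "203.0.113.7", sport, 23)
        chosen = next(rr)
        on_wire = chosen.outbound(pkt)
        if outer:
            outer.learn(on_wire, chosen)
        reply = on_wire.reply()
        back = edge.next_hop(reply)
        if outer:
            back = outer.next_hop(reply, back)
        results.append((chosen.name, back.name, back.inbound(reply)))
    return results


def dropped(results):
    """Number of replies that hit a firewall with no state for them."""
    return sum(1 for _, _, ok in results if not ok)


if __name__ == "__main__":
    scenarios = [("no NAT", dict(nat=False)),
                 ("source NAT", dict(nat=True)),
                 ("no NAT + outside balancer", dict(nat=False, outside_balancer=True))]
    for label, kw in scenarios:
        r = simulate(10, **kw)
        print(f"{label}: {dropped(r)} of {len(r)} replies dropped")
```

Without NAT every reply is addressed to the inside host, so the edge router's one static route delivers all of them to FW1 and the half of the sessions that left through FW2 are dropped for lack of state. With source NAT the reply is addressed to the outside interface of the firewall that built the session, so ordinary routing takes it back through the right box. The outside flow-aware balancer achieves the same thing without NAT, which is the "Fireproof on each side" design.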