Any comments on the following?

We are currently running FW1 v4.0 SP8 on a single HP9000 server and are looking at a 
solution for improving our services by installing some form of HA product for FW1.
Are there any limitations with the Nokias and the failover of connections using VRRP 
monitored circuits? We use ISAKMP (3DES) and FWZ (DES) encryption methods at the 
moment. Will these fail over okay?

Our problems may come with the HA working with our switches and our routing scenario. 
We want to make the network as dynamic as possible, so everything learns when new kit 
is added. Don't really want to have static routes on the firewall as there are just 
too many. Prefer to listen to OSPF. Connected to the firewall are two Cisco 5500
(running HSRP on the firewall side link) for client links, two 6500 on the internal
(HSRP again) and the ISP link is connected directly to the firewall via a router with
ACL.

Any other recommendations or limitations to watch out for of these HA products, or
funnies in the way they work?
We have one token ring too currently on the firewall, we hear that can be problematic,
but we could lose that.

Really it's between Nokias and StoneBeat-HA or FullCluster.


Andrew Lagden
Unix Administrator
