Viable perhaps, but an unnecessarily expensive way to go. With any
switch-based HA solution, you'll need a pair of switches on every subnet
connected to the firewall to ensure transparent failover and no single
point of failure. That's a minimum of 4 switches for a basic
public/private network. Check out section 3.2.5 of this white paper for
more info:
http://www.rainfinity.com/pdf/wp_increasing_fw_capacity.pdf
Also, be aware that Cisco 11000 switches are only OPSEC-certified for
use with 4.0, but not with 4.1/VPN. More info at:
http://www.checkpoint.com/opsec/partners/cisco.html
Best regards,
Mark L. Decker
Rainfinity - High Availability for E-Business
408-382-4870
[EMAIL PROTECTED]
-----Original Message-----
From: Sawyer, Douglas (D.G.)
Sent: Monday, July 09, 2001 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] HA using Cisco content switches
Has anyone used Cisco's 11150 series content switch for HA on firewalls?
I would be interested in knowing the outcome. Also if you used VPN, does
fail over work without re-keying?
I am aware of required changes to Objects.C and the syncing between
FW's. However, my main interest lies in whether or not this is a viable
means of HA vs. other software products available.
Thanks!
Doug
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================