hi,
For failover you need a second/backup link. Moreover - you can configure
Encryption on FW on FRelay.
Regards
Rajveer
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [SMTP:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Girard
> Moussa
> Sent: Friday, March 26, 2004 8:07 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] To VPN or not to VPN - that is the question...
>
> Dear All,
>
> Here goes:
>
> Scenario: Two Gateways, managed by same mgmt station. Connected via
> frame relay, therefore traffic traversing in the clear. The gateways are
> also connected to the internet.
>
> Requirement: Should the frame relay link go down, traffic should
> traverse over the internet via a VPN tunnel. This has to be done
> automatically without any changes during the failover.
>
> Question: How is that possible or is it even possible? I can configure
> dynamic routing and route the traffic through the internet interface,
> but how can I have the rulebase configured to understand when to send it
> in clear text and when encrypt it? The communication will always be
> between the encryption domains i.e. encryption will try to take place
> every time with simplified VPN. I cannot have a VPN up on the frame
> relay since there already are other VPN tunnels configured on the
> internet interface with other sites and as you all know, you can have as
> many tunnels as you want as long as you use only one interface at a time
> :)
>
> Thanks in advance.
>
> Regards,
> Girard Moussa
>
> __________________________________________________________________________
> _____________
> This email (and attachements) may contain privileged / confidential
> information.
> If you are not the addressee (or responsible for delivery of this
> message) any use,
> forwarding, printing or copying of this email is strictly prohibited. In
> such case, you
> should destroy this message and kindly notify the sender. Opinions,
> conclusions
> and other information in this message that do not relate to the official
> business of
> Advance Vision Technology (Aust) Pty Ltd shall be understood as neither
> given
> nor endorsed by it.
> __________________________________________________________________________
> ______________
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
