Hello David,
Saturday, February 26, 2005, 10:02:58 PM, you wrote:
RD> Without using a dynamic routing protocol you would be forced to run a
RD> long distance VRRP connection to make both firewalls exist in a HA
RD> cluster.
RD> Long distance bridged connections generally cause problems with latency
RD> that affect state synchronization.
RD> If you must use static routing then you will be forced to bridge your
RD> two firewalls together and build a HA cluster. Not good.
RD> Better to bite the bullet and go to dynamic routing.
RD> Advertise a NATed range to your partner and fail over by routing to your
RD> alternate site.
RD> Better still, advertise two ranges. One production, one contingency and
RD> that way you can always test contingency without affecting production
RD> systems.
RD> Mike Hawkins
RD> -----Original Message-----
RD> From: Mailing list for discussion of Firewall-1
RD> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
RD> mastergg AT OPTONLINE DOT NET
RD> Sent: Friday, February 25, 2005 4:59 PM
RD> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
RD> Subject: [FW-1] High Availability Question
RD> All
RD> I have 2 sites, Production and DR. Currently my production site has a
RD> firewall back to back to another firewall (our partner) and all routing
RD> is static. I am in the middle of building a DR site and would like to have
RD> the same functionality and be able to fail over without manual
RD> intervention, still keeping static routing from the firewall to our
RD> partner. Internal network has static routes for the partner's network, which is
RD> available via the VRRP address of the firewall. Internally I am running
RD> OSPF.
RD> Has anyone here done this? Or have any suggestions?
RD> =================================================
RD> To set vacation, Out-Of-Office, or away messages, send an email to
RD> LISTSERV AT amadeus.us.checkpoint DOT com
RD> in the BODY of the email add:
RD> set fw-1-mailinglist nomail
RD> =================================================
RD> To unsubscribe from this mailing list,
RD> please see the instructions at
RD> http://www.checkpoint.com/services/mailing.html
RD> =================================================
RD> If you have any questions on how to change your subscription options,
RD> email fw-1-owner AT ts.checkpoint DOT com
RD> =================================================
Mike
Thank you very much for responding, but I just want to clarify that my
partner doesn't want to run a routing protocol with me, and I run
clusters in production and disaster recovery. If I lose a
pair of firewalls in the Prod location (my firewalls are directly connected to
my partner; I am colo at my partner's site), I want to fail over to the disaster
recovery site that is also directly connected to the same partner.
--
Best regards,
mastergg mailto:mastergg AT optonline DOT net