Firewall-1

Re: [FW-1] FW: [FW-1] High Availability Question

Subject: Re: [FW-1] FW: [FW-1] High Availability Question
From: MHawkins AT TULLIB DOT COM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 27 Feb 2005 12:21:05 -0500
I am assuming that your partner primary and contingency sites are distance
separated.

Under those circumstances you can either use a routing protocol to redirect
traffic to the alternate site or you can use some sort of dynamic DNS where
if your primary site fails to respond the DNS will automatically redirect
requests to the contingency site.

Since you have excluded routing, you are stuck with dynamic DNS.

Mike Hawkins

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of mastergg
Sent: Saturday, February 26, 2005 10:22 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] FW: [FW-1] High Availability Question

Hello David,

Saturday, February 26, 2005, 10:02:58 PM, you wrote:



RD> Without using a dynamic routing protocol you would be forced to run a
RD> long distance VRRP connection to make both firewalls exist in a HA
RD> cluster.

RD> Long distance bridged connections generally cause problems with latency
RD> that affect state synchronization.

RD> If you must use static routing then you will be forced to bridge your
RD> two firewalls together and build a HA cluster. Not good.

RD> Better to bite the bullet and go to dynamic routing.

RD> Advertise a NATed range to your partner and fail over by routing to your
RD> alternate site.

RD> Better still, advertise two ranges. One production, one contingency and
RD> that way you can always test contingency without affecting production
RD> systems.

RD> Mike Hawkins

RD> -----Original Message-----
RD> From: Mailing list for discussion of Firewall-1
RD> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
RD> mastergg AT OPTONLINE DOT NET
RD> Sent: Friday, February 25, 2005 4:59 PM
RD> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
RD> Subject: [FW-1] High Availability Question

RD> All

RD> I have 2 sites, Production and DR. Currently my production site has a
RD> firewall back to back to another firewall (our partner) and all routing
RD> is static. I am in the middle of building a DR site and would like to have
RD> the same functionality and be able to fail over without manual
RD> intervention, still keeping static routing from the firewall to our
RD> partner. Internal Network has static routes for partner's network is
RD> available via VRRP address of the firewall. Internally I am running
RD> OSPF.

RD> Has anyone here done this? Or have any suggestions?

RD> =================================================
RD> To set vacation, Out-Of-Office, or away messages, send an email to
RD> LISTSERV AT amadeus.us.checkpoint DOT com
RD> in the BODY of the email add:
RD> set fw-1-mailinglist nomail
RD> =================================================
RD> To unsubscribe from this mailing list,
RD> please see the instructions at
RD> http://www.checkpoint.com/services/mailing.html
RD> =================================================
RD> If you have any questions on how to change your subscription options,
RD> email fw-1-owner AT ts.checkpoint DOT com
RD> =================================================


Mike

Thank you very much for responding, but I just want to clarify that my
partner doesn't want to run a routing protocol with me, and I run
clusters in production and disaster recovery. If I lose a
pair of firewalls in the Prod location (my firewalls are directly connected to
my partner; I am colo at my partner's site), I want to fail over to the
disaster recovery site that is also directly connected to the same partner.

--
Best regards,
 mastergg                            mailto:mastergg AT optonline DOT net
