Thanks, guys,
Yes, the client does run NGAI R55 and HFA with Solaris. I thought that:
1. ISP redundancy only runs on Linux not Solaris (at least not supported
that is what I have been told before by CheckPoint support) and it
requires that two ISPs' links have to be ended to one firewall or
cluster. Do you know what version of R55 with what HFA supports Solaris
ISP Redundancy?
2. Since the client will connect its two ISP in different locations
(i.e. one in NY and one in CT) and client does not want to extend the
same network between these two locations for firewalls which means the
firewalls in these two locations will have different IP addresses. I
don't think Cluster XL or StoneBeat will run load balancing and
StateSync in different networks according to CheckPoint and StoneSoft
support's words.
Also, Dhananjoy
Can you more elaborate that "If you are running NGAI R55 or above ,you
can use the ISP Redundancy feature in Load Sharing mode."? Do you mean
they run on the same network or different?
Ryan
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of John
Sims
Sent: Wednesday, April 27, 2005 4:55 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Dual ISP Firewall Design Question
It is also important to note that ISP redundancy is limited by the OS.
Currently, only Solaris and Linux are capable of ISP redundancy - IPSO
is NOT capable at this time.
- john
-----Original Message-----
From: dhananjoy [mailto:dhananjoyc AT GMAIL DOT COM]
Sent: Wednesday, April 27, 2005 3:20 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Dual ISP Firewall Design Question
Hi,
If you are running NGAI R55 or above ,you can use the ISP Redundancy
feature in Load Sharing mode.
This feature doesnt cost extra and comes along with R55.
You can use the existing Cluster but you need to do some tweaking in the
existing SBFC configs, NAT configs for servers in DMZ and also VPN
configurations.
On 4/27/05, Ruiyuan Jiang <Ruiyuan_Jiang AT liz DOT com> wrote:
>
> Hi, all
>
> My client currently has two firewall modules with StoneBeat
> fullcluster with one ISP which has BGP configuration. Now my client
> wants to change the setup to utilize two ISPs (i.e. one in NY, one in
> CT with different network number) instead of one ISP and BGP setup.
> What is the best way to accomplish this?
>
> The client is thinking that dismantle the firewall cluster and put one
> in CT and another one in NY as individual firewall to save firewall
> cost. For high availability of DMZ, it might need to setup two DMZs
> (one in CT and one NY) in case of the site failure. Do we need to have
> load balancer for ISP in front of firewalls to monitor the
> availability of ISPs? Internally the client is trying to use router to
control users'
> internet access with proxy server (i.e. NY users accessing internet
> using NY's ISP link, CT users accessing internet using CT's ISP link).
> Any recommendations? Thanks.
>
> Ryan
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
--
Regards,
dhananjoy
India.
Phone : 091-9899602123
---------------------------------------------------------------
Registered Linux user # 375503
http://counter.li.org
---------------------------------------------------------------
Some men see things as they are and say why?
I dream things that never were and say "Why Not?"
-Robert F. Kennedy
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
IMPORTANT: The information contained in this electronic message and/or
its attachments is intended only for the use of the individual(s) named
above and may contain information that is privileged and/or
confidential. If you are not the intended recipient, please notify the
sender immediately by reply and immediately delete this message and all
its attachments without making any copies or distributions thereof. Any
review, use, reproduction, disclosure or dissemination of this message
or any attachment by an unintended recipient is strictly prohibited and
may violate copyrights and/or other laws. Neither the sender, his or her
employer nor any of their respective affiliates makes any warranties as
to the completeness or accuracy of any of the information contained
herein or that this message or any of its attachments is free of
viruses.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
