Not that I know of. The only two vendors I am aware of that have this
feature are Cisco and Nokia (Cisco calls it HSRP - Hot Swap Routing
Protocol, I believe). I was told Nokia (previously Ipsilon Router Group)
co-developed the standard (VRRP - Virtual Router Redundancy Protocol) with
Cisco.

You have a separate state link, but VRRP is what provides the actual
fail-over.

Basically, you have 2 real IPs and a virtual IP/MAC. If the primary
firewall fails, it shuts down all interfaces and the secondary takes
ownership of the virtual IP. If the primary comes back up, the IP is
handed back to it. Fail-over/Fail-back. We put state information on
its own dedicated link because it updates the table every 50ms.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Wed, 19 May 1999, Bill Husler wrote:
> Is there a VRRP implementation for Solaris? I didn't find any
> reference to Sun at the ietf URL below.
> Bill
>
> "Clark, Steve" wrote:
> >
> > I too worked for a VAR that sold Nokia before. We had some early problems
> > with features in the Nokia version of Checkpoint vs the Checkpoint release,
> > but that seems to have been addressed. We set up high availability
> > solutions for numerous customers and it is definitely a better solution than
> > unsupported OSPF running on a UNIX box with Stonebeat. It is my
> > understanding the VRRP is very similar to Cisco HSRP, as a matter of fact
> > you can run the full Cisco routing software and skip the router. I think
> > overall the solution is less money too.
> >
> > I am pretty sure that the remote office VPN solution from Checkpoint is an
> > OEM version of the smaller Nokia box.
> >
> > steve clark
> > network-1
> >
> > -----Original Message-----
> > From: frank darden [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, May 18, 1999 11:08 PM
> > To: 'Carric Dooley'; 'Chris Shenton'
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Firewall-1 "high availability" state sync feature?
> >
> > Although my company (cough) sells the Nokia solution, I can tell you that
> > they work as advertised. VRRP is not proprietary. Here is the link for the
> > RFC
> > http://www.ietf.org/html.charters/vrrp-charter.html
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Carric Dooley
> > Sent: Tuesday, May 18, 1999 10:10 PM
> > To: Chris Shenton
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Firewall-1 "high availability" state sync feature?
> >
> > I am using it with the Nokia firewalls. These have a proprietary protocol
> > called VRRP. This handles failover. I am really impressed.
> >
> > Carric Dooley
> > COM2:Interactive Media
> > http://www.com2usa.com
> >
> > On 18 May 1999, Chris Shenton wrote:
> >
> > > Anyone using Firewall-1's state synchronization feature between a pair
> > > of firewalls to get high availability? If so, how do you like it? Are
> > > you implementing the fail-over with dynamic routing or using some
> > > third party product like the ones on their OpSec page?
> > >
> > > Thanks.
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
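An added example, not part of the original thread: a small Python simulation of the fail-over/fail-back behaviour described in the top message, using the RFC 2338 timer formulas with preemption enabled. The router names, the priorities (200 and 100) and the outage window are constructed for illustration, and the separate state-sync link is not modelled.

```python
from dataclasses import dataclass

ADVERT_MS = 1000  # RFC 2338 default Advertisement_Interval (1 s)

@dataclass
class Router:
    name: str
    priority: int          # higher priority wins the virtual IP
    alive: bool = True
    master: bool = False
    timer_start: int = 0   # ms; base of advert timer (master) or master-down timer (backup)

    def master_down_ms(self) -> int:
        # Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time
        return 3 * ADVERT_MS + (256 - self.priority) * 1000 // 256

def simulate(routers, outages, end_ms, step_ms=100):
    """Return [(time_ms, owner)] for every change of virtual-IP ownership.
    outages maps a router name to (down_ms, up_ms); preemption is on."""
    log, owner = [], None
    for t in range(0, end_ms + 1, step_ms):
        for r in routers:
            down, up = outages.get(r.name, (None, None))
            was_alive = r.alive
            r.alive = down is None or not (down <= t < up)
            if not r.alive:
                r.master = False
            elif not was_alive:
                r.timer_start = t          # recovered: rejoin in Backup state
        for r in routers:                  # silent master: backup takes over
            if r.alive and not r.master and t - r.timer_start >= r.master_down_ms():
                r.master, r.timer_start = True, t
        for m in routers:                  # masters advertise once per interval
            if not (m.alive and m.master) or (t - m.timer_start) % ADVERT_MS:
                continue
            for peer in routers:
                if peer is not m and peer.alive and m.priority > peer.priority:
                    peer.master, peer.timer_start = False, t   # yield or stay backup
                # adverts from a lower priority are ignored (preempt mode)
        now = next((r.name for r in routers if r.alive and r.master), None)
        if now != owner:
            log.append((t, now))
            owner = now
    return log

if __name__ == "__main__":
    # Constructed scenario: fw1 (primary) is down from t=10 s to t=20 s.
    pair = [Router("fw1", 200), Router("fw2", 100)]
    for t, who in simulate(pair, {"fw1": (10_000, 20_000)}, 30_000):
        print(f"{t / 1000:6.1f}s  virtual IP owner: {who}")
```

With the default timers the virtual IP is unowned for roughly three seconds after the primary goes silent, which is the window a monitoring check on the virtual address should tolerate before alerting.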