RE: Redundant firewall

[Ben Keepper]

It is my understanding that the Nokia/Checkpoint solution doesn't really load balance inbound connections (in the case of Internet traffic inbound for web servers).  Nokia's VRRP uses virtual IP (VIP) addresses, which can work well for statically balancing internal users going out (since active firewall is determined by source IP address (in most cases, hey these IP addresses, go firewall A, these other IP addresses go out firewall B).  This would be very difficult to configure for inbound connections, as the sources IP addresses would vary.   A solution like StoneBeat or Rainfinity (also using VIPs), or some hardware solutions (Radware, Foundry, etc) actually balance dynamically based upon some predefined algorithm (like round robin) or based upon server load (or other parameters).         -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vijay V Sent: Thursday, August 17, 2000 4:03 AM To: [EMAIL PROTECTED] Subject: Redundant firewall Hi  All,   Any pointers on how to setup redundant firewall with FW-1 so if one fails other one should take over. i am not plannig for a backup kind of firewall, i want both the firewalls to be live on the network.     Thanks   Vijay