Hi all,
Checkpoint firewalls have intrinsic load balancing capabilities, and they have stateful failovers between the active and standby firewalls. Meaning in this case there would be no need for the client to re-establish the connection via the 3-way handshake.
So when packets arrive at the firewall with non-expected sequence numbers, they are still let through as long as the IP addresses are OK?
<no hands-on on Checkpoint, based on literature>
I have come across clients that state their primary worry was the integrity of the databases in opting for this solution, as they fear a situation where a firewall goes down and a transaction is lost, especially for financial transactions.
My questions are:
1.0 From a security viewpoint, would stateful failover of firewalls be a plus or minus?
2.0 Is it that difficult to ensure that the DB be consistent without depending on external devices? I mean this would involve greater resources on commits, precommits etc.
3.0 What is the probability of an attacker being able to trigger a stateful failover and taking advantage of this?
Nothing too heated please.
Thanks and regards
Don Ng
