[FW-1] Checkpoint HA, switches and VLANs

Fri, 14 Mar 2003 08:19:37 -0800 

Hi all,
I want to build following configuration:
2 FW-1 ( on Nokia IP platform if that matter ) configured as HA
couple.
I have around 4 DMZs, so I want to use 802.1q ( VLAN tagging ) on one
of the nokia's interfaces and separate the VLANs in Cisco switches (
2905 for example ) and to ensure complete network redundancy. Actually
I want to use 2 more switches in front of the firewalls for the same
reason.
It should look like this:


    ----------   VLAN 1,2,3,4      ----------------------
---|  FW -1   |-------------------| Cisco 2905           |
    ----------                /    ----------------------
     |         \            /       |     |      |     |
     |           \        /       Vlan1 Vlan2  Vlan3  Vlan4
     |             \    /          |     |      |      |
     |               \/          DMZ1   DMZ2  DMZ3   DMZ4
     |             /  \           |     |      |      |
     |           /      \        Vlan1 Vlan2  Vlan3  Vlan4
     |         /          \       |     |      |      |
    ----------              \     ----------------------
---|  FW -1   |------------------| Cisco 2905           |
    ----------   VLAN 1,2,3,4     ----------------------

 Sorry for sloppy ACSI graphic.
Ok, I'd like to ask some questions:
1. Is there a document describing such installation ?
2. Is someone build something like it ?
3. In Nokia documentation is recommended to disable Spanning Tree
Protocol ( or use hub ), but if I do that I'm unable to configure VLANs. If I enable
Spanning Tree, then if failover occurs, then until switches MAC table
expires and they learn that MAC of the FW in on other port will be
some time, and then most of the sessions will expire.
4. Is there other way to achieve network redundancy. Customers don't
like when spend some thousands of $ for High Availability and then
whole network goes down because of $ 30 hub.

Many thanks in advance,

--
Peter Kirkov
Support Engineer
________________________________________________
ACT Sofia
Tzarigradsko shosse blvd. 7km
BIC-IZOT, Office 710-714  Tel: +359-2-9718354
1113 Sofia - Bulgaria     Fax: +359-2-9718343
                          mobile: +359-89-919638

mailto:[EMAIL PROTECTED]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to