Dear all,

  I would like to seek advice and recommendations on NG AI +
state synchronization.

  There are two CheckPoint NG AI modules in my campus.  The modules are
running Windows 2000 server.  These two modules are connected together
by Foundry ServerIron switches for load balancing.  I have successfully
configured state synchronization on the CheckPoint modules.

  As a testing requirement, I need to test the CheckPoint modules under
DDOS attacks.  So I set up tfn2k to trigger a TCP SYN attack.  The
attack generated about 10Mbit/s of traffic, passing through one of the
firewalls.  The firewall crashed with a blue screen (bad_pool_caller)
within 30 seconds.

  During the test, a large number of UDP/8116 packets (which constituted
nearly 60Mbit/s) were flowing through the synchronization network.  If I
turn off state synchronization, the firewalls can survive under
the same TCP SYN attack.

  I would like to ask:
  1) Could anyone give me more information about the mechanism of state
synchronization?  In particular, why can 10Mbit/s of traffic lead to
60Mbit/s of synchronization traffic?
  2) Has anyone tried NG AI and state synchronization?  Have there been
any problems so far?
  3) Is there any method to tune the state synchronization?

  Thanks in advance,

Regards,
  K.H. Cheung
  Information Technology Services Center
  Hong Kong University of Science & Technology
