-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Not really.. I don't think you can go below 50ms. That is about the
minimum window for actually performing the sync. Less than that and
you will be initiating syncs before the last sync is done, which
could cause serious problems (that is IF it actually will even try to
startn another sync in mid-operation). Think about it.. how many new
connections do you really think you are going to have within that
1/10th of a second? And will cutting that in half really help?
Carric Dooley
Network Security Consultant
"I have often regretted my speech, never my silence."
- - Xenocrates (396-314 B.C.)
- ----- Original Message -----
From: "Chuck Melanson" <[EMAIL PROTECTED]>
To: "'Carric Dooley'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, June 23, 2000 1:01 PM
Subject: RE: [FW1] FW Sync and Management
> Is there any benefit to reducing the state sync times? I remember
> reading that there is a lower limit, something about a 30ms delay,
> no matter what the sync timeout is - any more info on these
> numbers?
>
> Chuck.
>
> -----Original Message-----
> From: Carric Dooley [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 23, 2000 1:20 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] FW Sync and Management
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ???
> Not sure I follow the question, but I can tell you there are no
> issues with sync unless you are firewalling some really high
> bandwidht links. The sync feature pushes the state table to the
> stand-by FW every 100ms or so. Most any connection (except perhaps
> VPN connections) should keep right on going in the event of a
> failure on your primary FW. You see a 1 or 2 second "hick" and
> then it picks right back up again.. even mid transfer FTP sessions.
>
> Carric Dooley
> Network Security Consultant
>
> "I have often regretted my speech, never my silence."
> - - Xenocrates (396-314 B.C.)
>
>
>
> - ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, June 23, 2000 12:10 PM
> Subject: [FW1] FW Sync and Management
>
>
> >
> > I have two nokia boxes that are configured to do connection table
> > sync. is there any issues for management of the two firewalls
> > regarding the sync? should there be any certain procedures for
> > applying changes to (one of the) firewalls in order to maintain
> > "established connections".
> >
> > JK.
> >
> >
> > ==================================================================
> > == ============
> > To unsubscribe from this mailing list, please see the
> > instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > == ============
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use
> <http://www.pgp.com>
>
> iQA/AwUBOVOOSVUqWOkDpMZ2EQK1WACg9xLnI+bZlpSlXiAapU0Wi4PPPdYAoNCY
> ngnLE+gGjRGC3bhOwtXIxUzx
> =hEKJ
> -----END PGP SIGNATURE-----
>
>
>
>
> ====================================================================
> ==== ========
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ====================================================================
> ==== ========
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOVOagFUqWOkDpMZ2EQLjQwCgwBR1VLYwRTWcLBkRjy8QKu61Vn4AoOzB
SPd0t7d3Gby0sc8V9hf4ZpHY
=42bO
-----END PGP SIGNATURE-----
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
