I implemented an F5 Big/IP for load balancing/HA of two Check Point Firewalls
running on NT.  If you have a simple setup it works great and it is easy.
If you have a complex setup with lots of inbound and outbound connections on
different ports etc., it is a little more challenging, but it can be done
(that is the setup we are using now).  With Big IP I am able to check if the
security servers are up on a given firewall so if the firewall partially
fails, it automatically reroutes the packets through the other firewall.  So
not only is this a load balancer, but an HA device as well.  Sometimes certs
are not always needed.

Steven Zimmerman
CIO
IR Network Solutions
770-277-9877 Office
770-237-5497 Fax

 -----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Aaron Turner
Sent:   Monday, July 17, 2000 1:15 PM
To:     Robert MacDonald
Cc:     [EMAIL PROTECTED]
Subject:        Re: [FW1] F5's Big/IP load balancing and HA



If there isn't a need for a great deal of interoperability then why hasn't
F5 gotten the certification?  They aren't even listed as a partner last I
checked.  Maybe it does work great, but it indicates to me that F5 doesn't
feel for whatever reason (technical or otherwise) that they want to
support the Big/IP product in a Firewall-1 environment.  What happens if
it doesn't work right out of the box and you need help?  Who's going to
support the hardware/configuration?

RadWare on the other hand has a dedicated box for load balancing web
servers (the WSD) and another series of hardware for firewalls
(FireProof).

I'm not saying it won't work.  Just, in my experience, don't buy hardware
with the intent of doing something with it that the vendor's own marketing
department doesn't think you should use it for.  YMMV of course.

--
Aaron Turner        [EMAIL PROTECTED]  650.237.0300 x252
Security Engineer                         Vicinity Corp.
Cell: 408-314-9874                        http://www.vicinity.com

On Mon, 17 Jul 2000, Robert MacDonald wrote:

>
> Why? The need for interoperability. Currently there isn't
> much (that I'm aware of).
>
> If the two never interacted (directly), then OPSEC
> compliance is not that important.
>
> And just like firewalls, buying a load balancer is
> dependent on your requirements. The 'best' is the
> one that fits for you.
>
> Robert
>
> - -
> Robert P. MacDonald, Network Engineer
> e-Business Infrastructure
> G o r d o n   F o o d    S e r v i c e
> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
> >>> Aaron Turner <[EMAIL PROTECTED]> 7/13/00 7:02:02 PM >>>
> >
> >I'd point out that the Fireproof is OPSEC certified and the Big/IP is not.
> >One has to wonder why that is...  With that said, I've heard some good
> >things about the Fireproof and I like RadWare in general (we've got a
> >bunch of their WSD-NP's).
> >
> >--
> >Aaron Turner        [EMAIL PROTECTED]  650.237.0300 x252
> >Security Engineer                         Vicinity Corp.
> >Cell: 408-314-9874                        http://www.vicinity.com
> >
> >On Thu, 13 Jul 2000, Ivan Fox wrote:
> >
> >> F5's Big/IP was recommended to us instead of RadWare's Fireproof.
> >>
> >> Any comments/pointers about these two products are appreciated.
> >>
> >> Thanks,
> >>
> >> Ivan
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>


