RE: [FW1] Fw-1 w/ Radware Fireproof

Wed, 09 Aug 2000 11:59:27 -0700 


Unless I'm missing something, each of the firewalls has a seperate valid
routable internet IP.  Sessions originated by them would have their IP in
the source field, and therefore responses would come back to that particular
firewall.  What I'd be more worried about is how sessions which are
initiated outside (say http requests, SMTP traffic, etc) would be balanced
across walls.  I'm sure someone on this list can address that.

-----Original Message-----
From: Charles M. Gagnon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 1:10 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Fw-1 w/ Radware Fireproof



I couldn't find a fireproof mailing list per say so I figured
someone on this list might know. We currently use two
CheckPoint FW-1 boxes (Sun) and we fail over using OSPF. I'm
interested in implementing Load-balancing using Radware's
Fireproof box but I have one question left. In the proposed
design:

                         b.10    c.10
                         -----FW1-----        
    a.1   a.2      b.1   |           |    c-1
ROUTER-----FireProof-----|           |----Edge Router
                         |           |        
                         -----FW1-----        
                         b.20    c.20

I understand how the _outbound_ traffic would be load
balanced. What I would like to know is how am I sure that the
*returning* traffic from open sessions, will go back the
firewalls that originated them.

This is clearly adverstised as a valid design by Radware but
I'm not sure how this would happen. In other words, I start a
telnet session from the inside to the outside. By the
algorythm, it ends up going out through the bottom FW box.
What do I do to make the return traffic of this session will
also get to the bottom FW box?

Thanks.

-- 
Charles Gagnon                   | My views are my views and they
http://unixrealm.com             | do not represent those of anybody
[EMAIL PROTECTED]           | but me.

   To err is Human, to forgive is against Departmental Policy!


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to