Re: [FW1] HA Question

Mark . Boltz Sun, 18 Mar 2001 08:48:03 -0800


Chuck,

Although it won't operate as you desire "out-of-box", Stonesoft's StoneBeat
FullCluster can be configured through the customizable test subsystem to
function as you requested. Using several interface-linkstatus tests and
some basic shell scripts, it can perform failover per interface. You would
have to twiddle with the scripts on your own, however, to get them to
perform exactly as you desire.

----------------------------------------------------------------
Mark Boltz                                       Stonesoft, Inc.
Network Security Specialist           115 Perimeter Center Place
[EMAIL PROTECTED]              South Terraces, Suite 1000
Tel: +1 770 668 1125                           Atlanta, GA 30346
Cel: +1 404 386 8500                                         USA
Fax: +1 770 668 1131                    http://www.stonesoft.com

Support: 1-866-435-7324 (US Toll Free)
Support: 1-678-259-3400


                                                                                       
                                                   
                    "Little, Chuck"                                                    
                                                   
                    <[EMAIL PROTECTED]>                   To:     
<[EMAIL PROTECTED]>                        
                    Sent by:                                    cc:                    
                                                   
                    [EMAIL PROTECTED]        Subject:     [FW1] HA 
Question                                            
                    kpoint.com                                                         
                                                   
                                                                                       
                                                   
                                                                                       
                                                   
                    03/13/2001 05:11 PM                                                
                                                   
                                                                                       
                                                   
                                                                                       
                                                   






We have been researching various High Availability products for Checkpoint
Firewall-1
(running on Solaris 7), and we haven't had any luck locating a product that
does what
we are looking for. Example: a pair of CP FW-1 4.1 SP2 firewalls, with ~6
internal
interfaces. If we lose one of the internal interfaces, that entire node
drops out of
the cluster, rather than the traffic for only that interface rolling over
to the "good"
node.

Is there an HA product for CP Firewall-1 that does HA on a Per Interface
basis, rather
than "all or none" (e.g. lose one interface, that firewall drops out of the
cluster.)?
Rainwall doesn't, Stonebeat doesn't, and Checkpoint HA doesn't.

This seems like a product/feature that would have been requested before
(not
according to the vendors I have spoken with. Apparently it's a feature
that's never
been requested.).

So how does everyone else handle HA? Is it strictly "all or none", is there
a product
I've missed in my research, or is it pretty much a script your own type of
deal?

###########################
  Chuck Little
  Security Engineer
###########################






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] HA Question

Reply via email to
