bkeepperhome.com

• Next message: Ross Havens: "Using 10/100 Switch for Home network"
• Previous message: Ivan Fox: "Re: Redundant firewall"
• Maybe reply: Ben Keepper: "RE: Redundant firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It is my understanding that the Nokia/Checkpoint solution doesn't really
load balance inbound connections (in the case of Internet traffic inbound
for web servers). Nokia's VRRP uses virtual IP (VIP) addresses, which can
work well for statically balancing internal users going out (since active
firewall is determined by source IP address (in most cases, hey these IP
addresses, go firewall A, these other IP addresses go out firewall B). This
would be very difficult to configure for inbound connections, as the sources
IP addresses would vary.

A solution like StoneBeat or Rainfinity (also using VIPs), or some hardware
solutions (Radware, Foundry, etc) actually balance dynamically based upon
some predefined algorithm (like round robin) or based upon server load (or
other parameters).

  -----Original Message-----
  From: firewalls-ownerLists.GNAC.NET
[mailto:firewalls-ownerLists.GNAC.NET]On Behalf Of Vijay V
  Sent: Thursday, August 17, 2000 4:03 AM
  To: firewallsLists.GNAC.NET
  Subject: Redundant firewall

  Hi All,

  Any pointers on how to setup redundant firewall with FW-1 so if one fails
other one should take over.
  i am not plannig for a backup kind of firewall, i want both the firewalls
to be live on the network.

  Thanks

  Vijay

-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

• Next message: Ross Havens: "Using 10/100 Switch for Home network"
• Previous message: Ivan Fox: "Re: Redundant firewall"
• Maybe reply: Ben Keepper: "RE: Redundant firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]