RE: Hardware vs. Software firewall reliability
dwelch
phoneboy.com
12 Sep 1999 12:11:02 -0700
On Fri, 10 September 1999, "Aaron D. Turner" wrote:
> I thought the problem with H/A and VPN is only one of the firewalls
> can have the VPN "certificate". When the primary fails and the
> secondary takes over the remote site aborts the VPN because the
> secondary has the wrong cert. The fix is to manually update the
> certificates (or perhaps via a script).
What works the best, at least until FireWall-1 4.1 is generally available which will supposedly support HA VPNs, is to have a shared disk between your two firewalls and they basically share the same configuration. This is how it used to be set up with FirstWatch and the various versions of the Qualix stuff. The Nokia platform has its own way of dealing with HA VPNs in the newest version of its OS, but it requires Nokias at each end.
--
Dameon D. Welch, a.k.a. PhoneBoy (dwelchphoneboy.com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
This archive was generated by hypermail 2.0b3 on Tue Sep 14 1999 - 20:58:13 CDT