Firewall Wizards mailing list archives

Re: FW-1 Failover


From: Carric Dooley <carric () com2usa com>
Date: Tue, 22 Jun 1999 21:57:29 -0400 (EDT)

Do what I did with my last client.. suggest the Nokia boxes.  You will
thank each other.  They configure flawlessly for fail over, they have
triple the throughput of NT, they come with 4 port NICs and they do not
have the administrative overhead of either a Unix box or... dare I say?? an
NT box.  No hardening of the OS, just slap 'em in and fire 'em up.  Set
them up with VRRP and you are cooking.  I have never actually seen the PIX
firewalls fail over... I have seen them fail.  ;)

Give it some thought and do some research.  I have made our pair of Nokia
IP440's fail-over and fail back at least 50 times with no hiccups.  I
tested it while pulling an FTP session across them.  Most Windows clients
won't even notice (since the meter for throughput is usually an average).
They fail over in about 2 to 3 seconds, and back in the same amount of 
time.  It is really impressive.  And the argument of "We don't have any
Unix guys to administer the box" falls flat.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Tue, 22 Jun 1999, Kelvin Garrahan wrote:

Hi all,

I am thinking of using FW-1 for an internal firewall which will segregate
four networks of different security levels. The configuration is to be on
NT, with four Ethernet cards. The choice of platform is customer driven, my
original plans were to use Cisco's PIX. The main problem I have is
providing failover for the FW-1. With PIX this is not a problem. I know FW-1
supports failover/load sharing, but will this work with four interfaces?

Has anyone any experience with creating resilience for multiple DMZ FW-1
configurations?

Regards

Kel.

Kelvin Garrahan
Internet Technologies Consultant.
Network Services,
Park House,
N.C.R.,
Dublin 7.
kelvin.garrahan () compaq com 
