Firewall Wizards mailing list archives
RE: FW-1 Failover
From: Carric Dooley <carric () com2usa com>
Date: Wed, 23 Jun 1999 09:43:02 -0400 (EDT)
Best of luck. I am sure once they see them in action, they can't help but be impressed. These things rock. Carric Dooley COM2:Interactive Media http://www.com2usa.com On Wed, 23 Jun 1999, Kelvin Garrahan wrote:
Carric,From the response it seems that, the Nokia option is probably going toprovide the most stable platform. Stonebeat looks interesting, but since I don't believe NT is stable for a 24*7 system, even with layered products to support it. I guess the problem will be introducing a new Hardware Router vendor into a CISCO site. Wish me luck! Regards Kelvin -----Original Message----- From: Carric Dooley [mailto:carric () com2usa com] Sent: Wednesday, June 23, 1999 2:57 AM To: Kelvin Garrahan Cc: 'firewall-wizards () nfr net' Subject: Re: FW-1 Failover Do what I did with my last client.. suggest the Nokia boxes. You will thank each other. They configure flawlessly for fail over, they have triple the throughput of NT, they come with 4 port NIC's and they do not have the aministrative overhead of either a Unix box or... dare I say?? an NT box. No hardening of the OS, just slep 'em in and fire 'em up. Set them up with VRRP and you are cooking. I have never actually see the PIX firewalls fail over... I have seen them fail. ;) Give it some thought and do some research. I have made our pair of Nokia IP440's fail-over and fail back at least 50 times with no hickups. I tested it while pulling an FTP session accross them. Most windows clients won't even notice (since the meter for throughut is usually an average). They fail over in about 2 to 3 seconds, and back in the same amount of time. It is really impressive. And the argument of "We don't have any unix guys to administer the box" falls flat. Carric Dooley COM2:Interactive Media http://www.com2usa.com On Tue, 22 Jun 1999, Kelvin Garrahan wrote:Hi all, I am thinking of using FW-1 for a internal Firewall which will segregate four networks of different security levels. The configuration is to be on NT, with four Ethernet cards. The choice of platform is customer driven,myoriginal plans where to use Cisco's PIX. The main problem I have is providing failover for the FW-1. With PIX this is not a problem. I knowFW-1supports failover/load sharing, but will this work with four interfaces? Has anyone any experience with creating resilience for multiple DMZ FW-1 configurations? Regards Kel. Kelvin Garrahan Internet Technologies Consultant. Network Services, Park House, N.C.R., Dublin 7.kelvin.garrahan () compaq com
Current thread:
- FW-1 Failover Kelvin Garrahan (Jun 22)
- Re: FW-1 Failover Carric Dooley (Jun 23)
- Re: FW-1 Failover Richard Rees (Jun 23)
- Re: FW-1 Failover Lance Spitzner (Jun 23)
- Re: FW-1 Failover Aaron D. Turner (Jun 23)
- <Possible follow-ups>
- RE: FW-1 Failover John McDonald (Jun 23)
- RE: FW-1 Failover Kelvin Garrahan (Jun 23)
- RE: FW-1 Failover Carric Dooley (Jun 23)
- Re: FW-1 Failover Sean Costello (Jun 23)
- RE: FW-1 Failover John McDonald (Jun 28)