|
List Info
Thread: Re: 3 firewalls configurations
|
|
| Re: 3 firewalls configurations |
 
France |
2008-03-26 05:01:14 |
Well,
By complex VRRP you mean VRRP group I think,
- a configuration could be the 3 firewalls in the same group
with different priorities,
but how can I get two firewalls active at the same time
- an other configuration could be, fw1 and fw2 in group1
and fw2 and fw3 in group2
but a state could lead to: fw2 active for two groups ! And I
can't resolve the enigma !
The reason for this is we designed the platform according to
load specifications,
the result is we need two firewalls, but we want N+1
redundancy, so 2+1 isn't it a good design ?
Well, Reinhard I haven't understood the load you set to
100/100/1,
I think you mean 2fw HA and one single ?
Raul, We have our boxes don't want to use others or even
spend money
Our platforms already uses firewalls load balancing with
alteon on checkpoint and others with netscreen, in my
opinion we can bypass load balancing because of low trafic
average, but we need to secure the architecture.
Regards
Rar
> Message du 25/03/08 22:15
> De : "Reinhard Stich"
> A : FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
> Copie à :
> Objet : Re: [FW-1] 3 firewalls configurations
>
> hi,
>
> is there any special reason for doing that?
>
> in nokia clustering you can for example manually
> assign the load to cluster-nodes. so if you set
> load to 100 / 100 / 1 the node with load 1 will
> normally not get a single connection.
>
> br
> reinhard
>
> At 15:40 25.03.2008, rar.mail wrote:
> >Hi,
> >
> >I want to know if it possible to have a
> >configuration with 3 firewalls, with two actives
> >and one backup, without uses load balancers:
> >
> >For two firewalls we use vrrp but for more ....
> >firewall load balancing, but any other solution ?
> >
> >Any functionnalities on checkpoint or firewall
standards, ...?
> >
> >Regards
> >
> >rar
> >
> > Créez votre adresse électronique
prénom.nomlaposte.net
> > 1 Go d'espace de stockage, anti-spam et anti-virus
intégrés.
> >
> >
> >
> >Scanned by Check Point Total Security Gateway.
> >
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERVamadeus.us.checkpoint.com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http:
//www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-ownerts.checkpoint.com
> >=================================================
>
> --
> Reinhard Stich r.stichinternet-security.at
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>
>
Créez votre adresse électronique prénom.nomlaposte.net
1 Go d'espace de stockage, anti-spam et anti-virus
intégrés.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: 3 firewalls configurations |
 
Netherlands |
2008-03-26 13:09:23 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
rar.mail wrote:
| Well,
| By complex VRRP you mean VRRP group I think,
| - a configuration could be the 3 firewalls in the same
group with
different priorities,
| but how can I get two firewalls active at the same time
| - an other configuration could be, fw1 and fw2 in group1
and fw2 and
fw3 in group2
| but a state could lead to: fw2 active for two groups ! And
I can't
resolve the enigma !
|
| The reason for this is we designed the platform according
to load
specifications,
| the result is we need two firewalls, but we want N+1
redundancy, so
2+1 isn't it a good design ?
| Well, Reinhard I haven't understood the load you set to
100/100/1,
| I think you mean 2fw HA and one single ?
|
| Raul, We have our boxes don't want to use others or even
spend money
| Our platforms already uses firewalls load balancing with
alteon on
checkpoint and others with netscreen, in my opinion we can
bypass load
balancing because of low trafic average, but we need to
secure the
architecture.
You want to do load balancing. But you think you want to do
HA only.
Your specifications do call for some sort of Load balancing
solution.
You can choose to use ClusterXL for this or IP clustering
from Nokia as
indicated by someone else.
But if you have a problem figuring out how to do this
yourself then I
strongly suggest you rethink your ability to create a stable
installation.
Hugo.
- --
hvdkooijvanderkooij.org http://hugo.vanderkooij.
org/
PGP/GPG? Use: http://hug
o.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of
conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and
rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH6pFQBvzDRVjxmYERAnOyAKC19K34/eEwjaegKIowA9bptyYzzgCe
ND+S
Aoq4kV9jolddH7SNqQkejNs=
=mXXN
-----END PGP SIGNATURE-----
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Smartdefense |
 
Italy |
2008-03-27 07:32:22 |
Hi,
it is possible to disable SmartDefense for a set of internal
IP addresses?
Thanks
Giacomo
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: Smartdefense |
 
Romania |
2008-03-27 09:51:03 |
Giacomo Fazio wrote:
> Hi,
> it is possible to disable SmartDefense for a set of
internal IP addresses?
only for p2p apps, otherwise it's all or almost nothing.
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: Smartdefense |
 
United States |
2008-03-27 10:01:23 |
Giacomo:
SmartDefense (in general) does not support the ability to
enable / disable
on a per-IP basis. If memory serves, SmartDefense is on a
per-management-environment basis. I think the one exception
to that rule is
with some of the P-P SmartDefense rules.
HTH...
______________________________________
Michael E. Natkin
Security Engineer, NJ/PA
Check Point Software Technologies, Inc.
mnatkinus.checkpoint.com
Mobile: 570-371-8355
Skype / Yahoo / AIM: menatkin
MSN Messenger: menatkinlive.com
This information is intended only for the person to whom it
is addressed and
may contain confidential material. If you are not the
intended recipient,
you are hereby notified that any action taken upon this
message is
prohibited. If you received this in error, please contact
the sender and
delete the material from any computer.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Giacomo
Fazio
Sent: Thursday, March 27, 2008 8:32 AM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Smartdefense
Hi,
it is possible to disable SmartDefense for a set of internal
IP addresses?
Thanks
Giacomo
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
[1-5]
|
|