Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: nokia/checkpoint

RE: nokia/checkpoint

From: <Jerald.Josephs_at_nokia.com>
Date: Mon, 4 Dec 2000 15:36:48 -0600

It would be more accurate to state that the Nokia appliance incorporates an
HA solution for Check Point VPN-1. This is the Virtual Router Redundancy
Protocol (VRRP).

VRRP does not provide a load balancing configuration, although you can use
it in a creative configuration to setup a static load distribution scenario.

VRRP brings into existence a virtual router. Check Point VPN-1 has a Gateway
Cluster object which brings into existence a virtual firewall. You can
assign this object the IP Address associated with the virtual router and
setup HA for VPN.

Your diagram is a little confusing to me. I am not sure of the number of
firewalls between LAN1 and LAN2. It is appears that you wish to establish a
VPN between two Check Point VPN-1 platforms and that this VPN has to pass
through a single Nokia Appliance platform. Also, you ask if there could be
problems at 250 Mega-BYTES per second. I think you meant Mega-BITS per
second. (Is that correct?).

Jerald Josephs
Regional Technical Manager - Sales Engineering
Americas - West
Nokia Internet Communications

-----Original Message-----
From: jf_at_gmx.de [mailto:jf_at_gmx.de]
Sent: Friday, December 01, 2000 3:44 AM
To: firewall-wizards_at_nfr.com
Subject: [fw-wiz] nokia/checkpoint

hi everybody,

Our Chief- Technician has decided to buy a Nokia/checkpoint High-
availability Cluster. As far as I've gotten it, the nokia acts as sort of
loadbalancer for the checkpoints.

LAN1 |---Checkpoint---Nokia----Checkpoint-----|LAN2
     |--------------------VPN-----------------|

Are there any known drawbacks /pitfalls /whatever when operating these
devices with network -loads > 250MBps ?

BTW I want to thank lspitz_at_enteract.com who pointed out the checkpoints'
behaviour in a detailed way.

Comments / hints/ whitepapers / exprience are highly welcome
TNX, jf

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Dec 08 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos