Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: nokia/checkpoint

RE: nokia/checkpoint

From: Andrew Helm-Cowley <acowley_at_icsbermuda.com>
Date: Fri, 8 Dec 2000 10:12:41 -0400

One more note - If you do setup the Gateway cluster on the Nokias then you
can not have one of them as the management station. You have to put the
management station on a separate box. (as detailed in nokias knowledgebase).

Andrew

-----Original Message-----
From: firewall-wizards-admin_at_nfr.com
[mailto:firewall-wizards-admin_at_nfr.com]On Behalf Of
Jerald.Josephs_at_nokia.com
Sent: Monday, December 04, 2000 5:37 PM
To: jf_at_gmx.de; firewall-wizards_at_nfr.com
Subject: RE: [fw-wiz] nokia/checkpoint

It would be more accurate to state that the Nokia appliance incorporates an
HA solution for Check Point VPN-1. This is the Virtual Router Redundancy
Protocol (VRRP).

VRRP does not provide a load balancing configuration, although you can use
it in a creative configuration to setup a static load distribution scenario.

VRRP brings into existence a virtual router. Check Point VPN-1 has a Gateway
Cluster object which brings into existence a virtual firewall. You can
assign this object the IP Address associated with the virtual router and
setup HA for VPN.

Your diagram is a little confusing to me. I am not sure of the number of
firewalls between LAN1 and LAN2. It is appears that you wish to establish a
VPN between two Check Point VPN-1 platforms and that this VPN has to pass
through a single Nokia Appliance platform. Also, you ask if there could be
problems at 250 Mega-BYTES per second. I think you meant Mega-BITS per
second. (Is that correct?).

Jerald Josephs
Regional Technical Manager - Sales Engineering
Americas - West
Nokia Internet Communications

-----Original Message-----
From: jf_at_gmx.de [mailto:jf_at_gmx.de]
Sent: Friday, December 01, 2000 3:44 AM
To: firewall-wizards_at_nfr.com
Subject: [fw-wiz] nokia/checkpoint

hi everybody,

Our Chief- Technician has decided to buy a Nokia/checkpoint High-
availability Cluster. As far as I've gotten it, the nokia acts as sort of
loadbalancer for the checkpoints.

LAN1 |---Checkpoint---Nokia----Checkpoint-----|LAN2
     |--------------------VPN-----------------|

Are there any known drawbacks /pitfalls /whatever when operating these
devices with network -loads > 250MBps ?

BTW I want to thank lspitz_at_enteract.com who pointed out the checkpoints'
behaviour in a detailed way.

Comments / hints/ whitepapers / exprience are highly welcome
TNX, jf

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Dec 09 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos