[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] GateD for OSPF on FW-1
Okay, for those interested, I have posted a sanatized sample OSPF diagram and the corresponding gated.conf files at http://www.securitystats.com/network/ . Please note that the design is NOT the one used at securitystats.com, I've just put it there as it's convenient. Also note that this particular design is not incredibly efficient (only provides fail-over, not LB), and has a few interesting IP addressing issues (DMZ is public, all other segments are private, although this could easily be changed). The design itself has lots of room for improvement, as we had to throw something together very quickly, and have since switched gears to a different solution using Foundry ServerIrons to do the HA (and even another design is in the works using Nokia/VRRP/Foundry). But, as is, I've seen it work well supporting a 12MB internet pipe, 120+ Extranet partners, about 50 DMZ web servers, and about 10,000 internal users going through it. The basic cost structure forces traffic as follows: -internal-net to Internet traffic via top firewall -internal-net to DMZ or Extranet via bottom firewall -Internet to DMZ via top firewall -DMZ to Internet via top firewall -DMZ to internal-net via bottom firewall -Extranet to DMZ or internal-net via bottom firewall -Internet to internal-net is NOT allowed If one FW fails, the other picks up for it within 2 seconds, and state is synced every 100ms. Questions about this specific design can be sent directly to me. Jason [email protected] wrote: > > ;-) Hi > you wrote: I can post a sample config and sanitized network doc of mine if it would help more. > i am very intrested in your document can you also post it to me. > kind regards > K@rel ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|