Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Load Balancing Agent

To: "Mark Squire" <[email protected]>, <[email protected]>
Subject: RE: [FW1] Load Balancing Agent
From: "Mark Decker" <[email protected]>
Date: Fri, 26 Jan 2001 14:57:10 -0800
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

>3. Is there ANY way to get Rainwall to work with a Nokia IPSO 3.2.1
box?

You could reformat the HD and install Linux, but then it wouldn't be an
IPSO box anymore. ;-)  That's the unfortunate downside of a proprietary
platform like Nokia's.

>2. Lets say there is a farm of 3 Firewalls.  Does Rainfront allow for
>1 gateway for all of the internal machines to see, or is there a
>gateway for each firewall?

Yes.  You can configure RainWall so that the cluster has a single
virtual IP address (VIP) per subnet, so all your internal clients point
to the one default gateway.

>1. Does Rainwall Load-Ballance VPNs connections including SecuRemote?
>If so how does that work?  Would a remote site connecting to a
>Load-Ballanced VPN connect to 1 IP address?  In other words, in
>the Network objects, could I just set up firewall object that points
>to a single IP address created by Rainwall for load ballanced VPNs?
>If so how would I set up the interfaces?

Yes.  In the case of SecuRemote, the remote client does not connect
directly to a VIP.  It still connects to the management server, which
should be located on a separate machine behind the firewall cluster.
The external VIP of the firewall cluster becomes the default gateway for
the remote client, but not the end-point of the VPN tunnel.  When
defining the gateway cluster, its IP address would be the external
RainWall VIP.

Gateway-to-gateway VPN (between two FW-1 servers) is handled a bit
differently than SecuRemote.  Since these tunnels are permanently
defined in advance by the administrator, RainWall does more of a static
load-sharing than a dynamic load- balancing.  In other words, when you
set up each tunnel in VPN-1, you will also identify the tunnel in a
RainWall config file, and tell RainWall which machine should handle that
tunnel.  The tunnel will only move to another machine in the event of a
fail-over.  If you do intend to use RainWall for gateway-to-gateway VPN
load sharing, be sure you are using version 1.5.1 of the RainWall
software.

Hope this helps.  I suggest you download an evaluation copy of the 1.5.1
software from our website and read the included User Guide chapter on
VPN configuration for more details.  Currently, you can download 1.5.1
for NT or Linux.  If you want 1.5.1 for Solaris, send an email to
[email protected] instead.

Mark




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Load Balancing Agent
  - From: Mark Squire <[email protected]>

Prev by Date: RE: [FW1] why not a bridge?
Next by Date: RE: [FW1] why not a bridge?
Previous by thread: RE: [FW1] Load Balancing Agent
Next by thread: [FW1] Update objects from 4.0 to 4.1sp3
Index(es):
- Date
- Thread