Hi
Stonesoft has a product called Stonebeat for Failover and load balancing. They don't support VPN failover but apparently it will be a feature of Checkpoint V4.1
Their product will support VPN failover for FW 4.1
Cheers
Andrew
Internet Security Engineer (CCSA, CCA)
Gigabytes Inc.
Tel: (510) 440-8032 x 147
Email: Andrew@gigabytes.com
Voicemail and Fax: 1-877-295-3969 (Toll Free)
-----Original Message-----
From: McMeekin, Scott [mailto:Mcmeesm@rbos.co.uk]
Sent: Tuesday, October 05, 1999 8:05 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] SecureRemote running under FW-1 Synchronized Firewalls?
My understanding of why this doesn't work is that when you have synched firewalls, e.g. my Nokia IP440s, only one of them can export its encryption domain at any one time (you get the "overlapping encryption domains" error if you try to export both, as you would need in a hot-failover scenario). I don't think the encryption stuff is synced across the firewalls either, just state information on connections, but you'd think Checkpoint would get around to fixing that soon if that is right.
The other problem, and this is really the killer, is that SecureRemote needs to point at the firewall's REAL address, rather than the virtual one generated in your HA firewall setup, in my case VRRP or monitored circuits (like HSRP). What's more, since the IP address of Firewall A has already been involved in the encryption process for that SecureRemote session, when Firewall A fails SecureRemote isn't smart enough to be able to resume the VPN with the alternate firewall.
The happy news is our position as consumers - we'd LOVE to have failoverable VPN from SecureRemote, and because of that single fact you can pretty much guarantee Checkpoint will be already working on how to give us that.
Scott.
> -----Original Message-----
> From: Richard D. Pringle [SMTP:rpringle@inm.eds.com]
> Sent: Tuesday, October 05, 1999 3:00 PM
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: [FW1] SecureRemote running under FW-1 Synchronized Firewalls?
>
> I heard through other fw-1 lists that this is not an option with fw-1 4.0
> and was wondering if anyone knows the answer. I'm in the process of
> deploying the Qualix HA+ software for failover between two 4.0 sync'd
> firewalls, but was really counting on using the SecureRemote for remote
> access.
>
> If this doesn't work, then what gives? Doesn't sound right to me.
>
> Any responses would be appreciated.
>
> --
> Richard D. Pringle
> SE-Senior (Security) - EDS
> Security/Firewalls/IDS/Scanning
> Security@inm.eds.com
>
> 'Don't be Silenced by the Grave'
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================