Re: For firewalls, what`s best? Load-Sharing or High-Availability?



On Fri, Jul 8, 2011 at 3:59 PM, <hosts.deny@xxxxxxxxx> wrote:
I`m working with a customer that uses Checkpoint Firewalls and he wants to know what`s the best for their environment, is it Load-Sharing or High-Availability ?

Actually, they have 3 cluster of HA firewalls that are one on Internet, another for Users and another one for the DMZ. Is it a good topology ?
They should be able to do this with one firewall (ie, the one box
manages the EXTERNAL, DMZ, and INTERNAL). Using three - one for each
LAN/WAN segment - seems a bit odd to me. Did I read the statement
properly?

Jeff

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Firewall Info/Recommendations?
    ... > firewall with 3 interfaces or "DMZ capability" listed. ... > acceptable DMZ architecture for a small network to have two firewalls ... > internal network to the internet... ... will do exactly what we currently want for maybe less than the cost of a ...
    (comp.security.firewalls)
  • Re: Firewall Info/Recommendations?
    ... > firewall with 3 interfaces or "DMZ capability" listed. ... > acceptable DMZ architecture for a small network to have two firewalls ... > internal network to the internet... ... will do exactly what we currently want for maybe less than the cost of a ...
    (comp.security.firewalls)
  • Re: Network security - DMZs, Bastion Hosts etc...
    ... Why not replicate the databases and put the replicated ... database in a DMZ? ... Firewalls can do wonderful and intelligen port blocking, ... > We currently have a number of DMZs on an internet facing LAN. ...
    (comp.security.misc)
  • Re: DMZ Arguments....
    ... building a DMZ because you want to have one is a loss of money and other ... If these servers are in your internal net and have some ... In this case you build an area between two firewalls to monitor traffic ...
    (Security-Basics)
  • Re: 2 firewalls 1 Internet connection
    ... > I want to use 2 different hardware firewalls over the same Internet ... You should consider a zone concept first. ... This means, there is an "outside" zone, an so called DMZ (demiliarized ...
    (comp.security.firewalls)