Re: Checkpoint - Nokia Boxes vs Solaris

From: Alan Strassberg (alan@internal.wj.com)
Date: 03/29/02

• Next message: Matteo: "Re: ZoneAlarm Pro 3.0.091 - Does NOT Detect LAN Properly - ???"
• Previous message: Alan Strassberg: "Re: Checkpoint - Nokia Boxes vs Solaris"
• In reply to: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Next in thread: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Reply: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: alan@internal.wj.com (Alan Strassberg)
Date: 29 Mar 2002 08:54:05 -0800

In article <3CA49888.4040709@intekom.com>, Paul Dawson <p@intekom.com> wrote:
>
>>
>> It would be difficult, you'd need an AS and two agreeable ISPs, here in the
>> UK, word has it that ISPs are generally unwilling to peer to anything
>> smaller than a /21.
>
>Both lines will go to the same upstream provider and sit on different
>nodes for physical redundancy.
>
>Do you think If I used 2 Alteon web switches running two VIPs on each of
>them (also connected via span-tree) natting those into one RIP which
>will talk to the active firewall. On the inside RIP facing interfaces
>these two streams of traffic is translated into one stream. Then on the
>outside (internet) interface for each VIP I set on two different vlans
>with two different default gateways - one for each MHSRP group.
>
>FIREWALL-------(RIP one address)ALTEON (VIP two addresses)------RTR
>(VRRP) (span-tree)
>FIREWALL-------(RIP one address)ALTEON (VIP two addresses)------RTR
>
>Do you think that might work?

        Yes, two VLANs on each LB - one to inside VIP, one to outside,
        and both load balancers with spanning tree for failover.
        I'd go with F5's over Alteon. No RIP needed. One default gateway
        (HSRP VIP).

                                        alan

---

• Next message: Matteo: "Re: ZoneAlarm Pro 3.0.091 - Does NOT Detect LAN Properly - ???"
• Previous message: Alan Strassberg: "Re: Checkpoint - Nokia Boxes vs Solaris"
• In reply to: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Next in thread: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Reply: Paul Dawson: "Re: Checkpoint - Nokia Boxes vs Solaris"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Checkpoint - Nokia Boxes vs Solaris ... > It would be difficult, you'd need an AS and two agreeable ISPs, here in the ... Do you think If I used 2 Alteon web switches running two VIPs on each of ... On the inside RIP facing interfaces ... these two streams of traffic is translated into one stream. ... (comp.security.firewalls) Re: Checkpoint - Nokia Boxes vs Solaris ... >>>It would be difficult, you'd need an AS and two agreeable ISPs, here in the ... On the inside RIP facing interfaces ... Can you take two different streams of traffic from two separate vlans ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2002-03