Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On
From: CHANGE USERNAME TO westes (DELETE_westes_at_earthbroadcast.com)
Date: 05/18/04
- Next message: *Vanguard*: "Re: NIS filtering newsgroups?"
- Previous message: Andreas Völp: "LAN access to PC with Kerio Personal Firewall 4.0.16"
- In reply to: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Next in thread: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Reply: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 May 2004 09:28:56 -0700
Checkpoint has persistence of sessions, but under Windows 2000 Checkpoint
does NOT implement the behavior of sending outbound packets on the same
interfaces they arrived. Checkpoint only modifies the headers of the IP
packet, and then it passes the packet to standard Windows networking.
Windows networking in turn only recognizes one default outgoing route.
Regarding failover, you are looking at the problem backwards. I'm not
trying to configure a behavior for sessions that are initiated on our side.
Our mail host will be seen through its public MX records as being two
separate MX hosts with two separate IP addresses on different networks.
So the case I care about is where an outside mail server initiates a
connection into us on different ISP networks. I need to make sure that the
packets return back on the same interface they arrived.
-- Will westes AT earthbroadcast.com "Beoweolf" <Beoweolf@pacbell.net> wrote in message news:WEdqc.50046$OB4.23079@newssvr29.news.prodigy.com... > From the requirements you mentioned. What you are looking for is a > "persistant" or "Sticky" session. Server Persistance and/or client > Persistance for sessions is required if you are using MEP (multi entry > protocols) for redundant connections. > > I know that CheckPoint has it. As far as using different ISP as carrier > providors. What you need to do is configure fail over or High availablity > that will sense a failure on the primary connection and failover to the > secondary connection in case of failure. > "CHANGE USERNAME TO westes" <DELETE_westes@earthbroadcast.com> wrote in > message news:0M2dneKSTtvNhzXdRVn-sw@giganews.com... > > I'm looking for a firewall or router that will run on Windows 2000 that > can > > route packets out on the same interface they arrived on, or could apply > > different routing tables based on the interface to which a packet arrives. > > This is to support a mail server which we want to connect to two ISP > > networks. We don't want a default outgoing route on any one interface, > > which is what Windows 2000's IP implementation requires. > > > > If this is not available for Windows, is it available for any UNIX > > implementation? > > > > -- > > Will > > westes AT earthbroadcast.com > > > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.686 / Virus Database: 447 - Release Date: 5/14/2004 > >
- Next message: *Vanguard*: "Re: NIS filtering newsgroups?"
- Previous message: Andreas Völp: "LAN access to PC with Kerio Personal Firewall 4.0.16"
- In reply to: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Next in thread: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Reply: Beoweolf: "Re: W2K Firewall That Can Route Outbound Packets on Same Interface They Arrived On"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
