Re: Checkpoint FW1 failover requirements?
From: Thomas Marko (news-kabsiREMOVEME_at_tomsoft.at)
Date: 02/24/05
- Next message: postman: "IPSO Traceroute"
- Previous message: E.: "Re: Too much firewalls?"
- In reply to: SJ: "Checkpoint FW1 failover requirements?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Feb 2005 08:26:31 +0100
SJ wrote:
> Hello,
> We currently are running a Checkpoint NG firewall on a Solaris box with
> an Enterprise license for unlimited users.
>
> I am looking to set up another identical Solaris box running Checkpoint to
> be a failover/standby when the first one would fail.
> I am not looking for load balancing.
>
> My question: Is this functionality built in to the NG firewall software
> itself?
Yes, there is a functionality in FW-1/VPN-1 which is called CPHA which
can do standby HA but can also do Load Balancing (depends on how many
coins you'll through into the slot ;-)
You can also realize HA using the protocol VRRP (builtin in Nokia and
Nortel Alteon Appliances, and ?).
> And would we have to pay for another ($20K) Enterprise licence to make this
> happen?
AFAIK you will need a license for the second module, but not for a
second management server. If you use CPHA you will have to purchase a
ClusterXL license.
> If this scenario requires another Enterprise license to be purchased, it
> would probably just make more sense to buy two Cisco PIXes in a
> standby/failover configuration and save a bunch of money.
Please do not compare a Check Point FW-1/VPN-1 with a Cisco PIX. Just
looking for the price when buying a firewall is IMHO the wrong way.
Cheers,
Thomas
- Next message: postman: "IPSO Traceroute"
- Previous message: E.: "Re: Too much firewalls?"
- In reply to: SJ: "Checkpoint FW1 failover requirements?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
