Security Basics mailing list archives
RE: For firewalls, what`s best? Load-Sharing or High-Availability?
From: "Unmesh" <unmesh.kumar () paladion net>
Date: Mon, 11 Jul 2011 23:10:30 +0530
Dear Jeff, HA mode is a better option in this case as failure of 1 firewall will result in another firewall taking over the operations. However, incase of a load sharing mode it is recommended that the load does not cross 40-45% in a 2 firewall mode and 30-33% in a 3 firewall mode coz failure of any firewall will increase the load on others resulting in a high risk of firewall failure due to increased load. Hence, load balancing is not recommended in this case, and if the need be then it should be in the 3 firewall mode. We can have 1 firewall with 3 interfaces , DMZ, External and Internal zones. Also this firewall should be configured in HA mode with the other firewall, preferably in Active-Active mode. Regards, Unmesh Kumar -original message- Subject: Re: For firewalls, what`s best? Load-Sharing or High-Availability? From: Jeffrey Walton <noloader () gmail com> Date: 11/07/2011 10:20 pm On Fri, Jul 8, 2011 at 3:59 PM, <hosts.deny () gmail com> wrote:
I`m working with a customer that uses Checkpoint Firewalls and he wants to know what`s the best for their environment, is it Load-Sharing or High-Availability ? Actually, they have 3 cluster of HA firewalls that are one on Internet, another for Users and another one for the DMZ. Is it a good topology ?
They should be able to do this with one firewall (ie, the one box manages the EXTERNAL, DMZ, and INTERNAL). Using three - one for each LAN/WAN segment - seems a bit odd to me. Did I read the statement properly? Jeff ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- For firewalls, what`s best? Load-Sharing or High-Availability? hosts . deny (Jul 08)
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? MLS (Jul 11)
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? Mark Teicher (Jul 11)
- RE: For firewalls, what`s best? Load-Sharing or High-Availability? Mikhail A. Utin (Jul 12)
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? Mark Teicher (Jul 11)
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? Jeffrey Walton (Jul 11)
- <Possible follow-ups>
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? gioan (Jul 11)
- RE: For firewalls, what`s best? Load-Sharing or High-Availability? Unmesh (Jul 11)
- Re: For firewalls, what`s best? Load-Sharing or High-Availability? MLS (Jul 11)