RE: RE: Firewall-1 platforms

["Kalat, Andrew (ISS Atlanta)" <akalat () iss net>]

Hey Shawn,
        Indeed, VRRP is pretty cool. As fail over goes, I agree, it's pretty
easy and elegant. I might have misspoke though. I was referring to not just
fail over, but actual true load balancing, where both boxes are passing
traffic, rather than having one in hot standby waiting for a failure. Do you
know of a way to do that with Nokia? That would indeed rock...

Andrew Kalat.
Comments are my own, not my employers...

"Kalat, Andrew (ISS Atlanta)" wrote:

> Fourth, with dual Sun boxes, and a good fail over product like StoneBeat,
I
> believe you can do load balancing of traffic between both Sun boxes. As
far
> as I know, you can't do load balancing between two Nokia boxes yet.

Oh, but you can! :) Not a huge fan of the Nokia's (pretty pricey as far
as bang for the buck -- I'd like to see FW-1 support *BSD... then I
could build my own appliance for 1/3 the cost), but at a previous
employer we chose the Nokia's over Stonebeat and Sun gear because of the
excellent failover support. 

Nokia's boxen do VRRP (Virtual Router Redundancy Protocol) with state
shared between firewalls without having to add a third party app. This
is also cool becuse it will interoperate with other gear that talks
VRRP, like Foundry, etc.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards