Firewall Wizards mailing list archives
RE: Hardware vs. Software firewall reliability
From: dwelch () phoneboy com
Date: 12 Sep 1999 12:11:02 -0700
On Fri, 10 September 1999, "Aaron D. Turner" wrote:
I thought the problem with H/A and VPN is only one of the firewalls can have the VPN "certificate". When the primary fails and the secondary takes over the remote site aborts the VPN because the secondary has the wrong cert. The fix is to manually update the certificates (or perhaps via a script).
What works the best, at least until FireWall-1 4.1 is generally available which will supposedly support HA VPNs, is to have a shared disk between your two firewalls and they basically share the same configuration. This is how it used to be set up with FirstWatch and the various versions of the Qualix stuff. The Nokia platform has it's own way of dealing with HA VPNs in the newest version of it's OS, but it requires Nokias at each end. -- Dameon D. Welch, a.k.a. PhoneBoy (dwelch () phoneboy com) Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/ The views expressed herein are not necessarily those of anyone else. -- Signup for your free USWEST.mail Email account http://www.uswestmail.net
Current thread:
- Re: Hardware vs. Software firewall reliability, (continued)
- Re: Hardware vs. Software firewall reliability David Klann (Sep 08)
- Re: Hardware vs. Software firewall reliability Josh Robb (Sep 08)
- Re: Hardware vs. Software firewall reliability Ryan Russell (Sep 08)
- Re: Hardware vs. Software firewall reliability Marcus J. Ranum (Sep 08)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- RE: Hardware vs. Software firewall reliability Lart (Sep 11)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- Re: Hardware vs. Software firewall reliability Vin McLellan (Sep 09)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 09)
- RE: Hardware vs. Software firewall reliability Ryan Russell (Sep 12)
- Tripwire like perl program Siglite (Sep 14)
- RE: Hardware vs. Software firewall reliability dwelch (Sep 14)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 14)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 14)
- RE: Hardware vs. Software firewall reliability Tina Bird (Sep 18)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 18)
- Re: Hardware vs. Software firewall reliability Chenggong Charles Fan (Sep 18)
- RE: Hardware vs. Software firewall reliability dwelch (Sep 18)
- RE: Hardware vs. Software firewall reliability Garrahan, Kelvin (Sep 18)