Firewall Wizards mailing list archives

RE: nokia/checkpoint

From: Jerald.Josephs () nokia com
Date: Fri, 8 Dec 2000 11:10:55 -0600

This is correct, but with regard to VPN-1 and not with regard to VPN-1
running on the Nokia platform. Others might conclude that there exists a
functionality in VPN-1 that is not available on the Nokia platform.

Jerald Josephs
Regional Technical Manager - Sales Engineering
Americas - West
Nokia Internet Communications


-----Original Message-----
From: EXT Andrew Helm-Cowley [mailto:acowley () icsbermuda com]
Sent: Friday, December 08, 2000 6:13 AM
To: Jerald.Josephs () nokia com; jf () gmx de; firewall-wizards () nfr com
Subject: RE: [fw-wiz] nokia/checkpoint


One more note - If you do setup the Gateway cluster on the Nokias then you
can not have one of them as the management station.  You have to put the
management station on a separate box. (as detailed in nokias knowledgebase).

Andrew

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of
Jerald.Josephs () nokia com
Sent: Monday, December 04, 2000 5:37 PM
To: jf () gmx de; firewall-wizards () nfr com
Subject: RE: [fw-wiz] nokia/checkpoint


It would be more accurate to state that the Nokia appliance incorporates an
HA solution for Check Point VPN-1. This is the Virtual Router Redundancy
Protocol (VRRP).

VRRP does not provide a load balancing configuration, although you can use
it in a creative configuration to setup a static load distribution scenario.

VRRP brings into existence a virtual router. Check Point VPN-1 has a Gateway
Cluster object which brings into existence a virtual firewall. You can
assign this object the IP Address associated with the virtual router and
setup HA for VPN.

Your diagram is a little confusing to me. I am not sure of the number of
firewalls between LAN1 and LAN2. It is appears that you wish to establish a
VPN between two Check Point VPN-1 platforms and that this VPN has to pass
through a single Nokia Appliance platform. Also, you ask if there could be
problems at 250 Mega-BYTES per second. I think you meant Mega-BITS per
second. (Is that correct?).

Jerald Josephs
Regional Technical Manager - Sales Engineering
Americas - West
Nokia Internet Communications


-----Original Message-----
From: jf () gmx de [mailto:jf () gmx de]
Sent: Friday, December 01, 2000 3:44 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] nokia/checkpoint


hi everybody,

Our Chief- Technician has decided to buy a Nokia/checkpoint High-
availability Cluster. As far as I've gotten it, the nokia acts as sort of
loadbalancer for the checkpoints.


LAN1 |---Checkpoint---Nokia----Checkpoint-----|LAN2
     |--------------------VPN-----------------|

Are there any known drawbacks /pitfalls /whatever when operating these
devices with network -loads > 250MBps ?

BTW I want to thank lspitz () enteract com  who pointed out the checkpoints'
behaviour in a detailed way.

Comments / hints/ whitepapers / exprience are highly welcome
TNX, jf


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

nokia/checkpoint jf (Dec 02)
- <Possible follow-ups>
- RE: nokia/checkpoint Jerald . Josephs (Dec 08)
  - RE: nokia/checkpoint Andrew Helm-Cowley (Dec 09)
- RE: nokia/checkpoint Jürgen Nieveler (Dec 08)
- RE: nokia/checkpoint Jerald . Josephs (Dec 09)