RE: Nokia/Checkpoint

["Yin To Chu" <ytchu () ozemail com au>]

Hi Rainfinity and Nokia :

Is there a plan for Rainfinity to work on Nokia IP650 which runs IPSO?

How would you compare with HA module in FW-1 version 4.1 and StoneBeat?

How would you compare Rainwall with FW load balancing using L4 switches ,
say, Alteon? See
http://www.alteonwebsystems.com/products/white_papers/flbwp/index.shtml

How many FW-1 can RAINWall support to work together?

Regards

Hi all :

Anyone got experience with Rainwall and FW load balancing with L4 switches,
and would like to share?

Hi Stonebeat :

Are you affected by FW-1 HA and Rainwall? How would you compare with these?

YT



> -----Original Message-----
> From: owner-firewall-wizards () lists nfr net
> [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Yin To Chu
> Sent: Saturday, February 05, 2000 2:31 AM
> To: Jeff Thomas; firewall-wizards () nfr net
> Subject: RE: Nokia/Checkpoint
>
>
> Is it possible to scale the FW by using load balancing switches, say, from
> Alteon, Foundry, Arrow point, F5, Extreme, RADWare, CIsco,etc,
> with multiple
> FWs?
>
> Is it possible to provide N+1 redundancy in this case?
> Is it still possible to maintain transparency to end point
> systems and how?
>
> YT
>
> -----Original Message-----
> From: owner-firewall-wizards () lists nfr net
> [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Jeff Thomas
> Sent: Friday, 4 February 2000 12:00
> To: firewall-wizards () nfr net
> Subject: Nokia/Checkpoint
>
>
> The Nokia platforms are FreeBSD.  The OS is heavily modified.  It is not a
> standard FreeBSD install.  The benefits of this product is the low admin
> needed to maintain it.  You don't need to be a unix guru to
> manage it.  The
> use of packages allows to to upgrade and revert to a previous version of
> firewall-1 or the OS itself.  In other words, you can run several versions
> on the same box.  you simply activate the one you need.  Good for managed
> services in my opinion.  A web interface is provided to do all the admin.
> It is responsive and works well.  SSH is available for the commandline
> commandos.  Supports OSPF, BGP (extra cost), IGRP which is implemented in
> the routing daemon.   Has ACL capabilities as well.
>
> One thing I disagree is the fact you have to get NIC from Nokia.  Probably
> a result of the modified kernel and drivers used.  Things tend to get
> pricey this way.  Models avaialble are the IP330/VPN220 - remote office,
> IP440 - enterprise, and IP600 - carrier.  The IP440 used to offer the most
> configurations.  The IP600 is catching up.  IP600 does not offer mirrored
> drives as the IP440 does.  Yet the IP440 doesn't offer redundant power or
> hot-swap as the IP600 does.  IP330/VPN are pretty much fixed configs.
>
> Support was always good.  I understand Checkpoint is to take this over
> though (not knocking checkpoint).
> Parts were received in a day or two.
>
> One question I have is regarding the post that Nokia is behind in
> HA.  What
> does Stonebeat have that puts it ahead in regard to HA?  I find VRRP to
> work well.  Plus, I don't need an extra $10000 for HA.  VRRP is able to
> backup multiple systems.  It is also a standard.  Now if your talking
> clustering or load balancing then I agree.  All though you can
> load balance
> using OSPF and VRRP I believe.