Firewall Wizards mailing list archives
Re: RE: firewalls & multi-homing
From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Thu, 06 Sep 2001 11:44:24 +0200
There are 2 ways I can think of.

- The first one is to synchronise the 2 firewalls. In the case of Check Point, you configure the sync.conf as if the 2 distant firewalls were part of a single cluster. If the WAN between the 2 firewalls is 'slow' (<10 Mbs), forget it.
- The other one is to use address translation: the idea is that you should make sure that any packet leaving your LA firewall has valid LA addresses. You achieve this by translating/masquerading NY addresses into LA addresses on the LA firewall. You'll have to do a similar thing on the NY firewall.

Irwin Lazar wrote:
Got a question on multihoming and the use of stateful firewalls:

Suppose customer "X" has two internet gateways, one in NY and one in LA. Traffic goes out the NY gateway, but for some reason, asymmetrical routing sends the return traffic to LA. Assuming the customer is using stateful firewalls, will the return traffic in LA be blocked? Is there any mechanism for the LA & NY firewalls to exchange stateful information?

So far, the only solution I see to this issue is to tinker with route advertisements to prevent or minimize asymmetrical routing.

Thanks in advance.

irwin

-----
Irwin Lazar
Senior Consultant, The Burton Group
e-mail: ilazar () tbg com
Office: 703-742-9659
Cell: 703-402-4119
http://www.tbg.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
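The asymmetric-routing drop from the question and the address-translation fix from the reply, as a toy simulation. This is an added example, not part of either message; the address blocks, peer and ports are constructed, and it assumes the Internet routes each site's block back to that site.

```python
import ipaddress

# Constructed addressing (documentation ranges), not taken from the thread.
# Assumption: the Internet routes each block to the site that owns it.
SITE_BLOCKS = {
    "NY": ipaddress.ip_network("198.51.100.0/24"),
    "LA": ipaddress.ip_network("203.0.113.0/24"),
}

class StatefulFirewall:
    """Toy stateful gateway: admits a reply only for a flow it saw leave."""

    def __init__(self, site, snat_ip=None):
        self.site = site
        self.snat_ip = snat_ip  # None: source address leaves untranslated
        self.state = {}         # (public_src, sport, dst, dport) -> inside src

    def outbound(self, src, sport, dst, dport):
        # Simplification: only the address is translated, the port is kept.
        public_src = self.snat_ip or src
        self.state[(public_src, sport, dst, dport)] = src
        return public_src, sport, dst, dport

    def inbound(self, src, sport, dst, dport):
        # A reply reverses the tuple; no matching state means drop (None).
        return self.state.get((dst, dport, src, sport))

def return_site(dst_ip):
    """Site the Internet delivers a reply to, chosen by destination block."""
    addr = ipaddress.ip_address(dst_ip)
    return next(s for s, net in SITE_BLOCKS.items() if addr in net)

def round_trip(firewalls, egress_site, host_ip):
    """Send one flow out via egress_site; return (ingress site, delivered-to)."""
    server, sport, dport = "192.0.2.80", 40000, 443  # constructed peer
    pub_src, _, _, _ = firewalls[egress_site].outbound(host_ip, sport, server, dport)
    ingress = return_site(pub_src)
    delivered = firewalls[ingress].inbound(server, dport, pub_src, sport)
    return ingress, delivered

def demo():
    la_host = "203.0.113.25"  # LA-addressed host whose traffic exits via NY
    plain = {s: StatefulFirewall(s) for s in SITE_BLOCKS}
    natted = {"NY": StatefulFirewall("NY", snat_ip="198.51.100.1"),
              "LA": StatefulFirewall("LA", snat_ip="203.0.113.1")}
    return round_trip(plain, "NY", la_host), round_trip(natted, "NY", la_host)

if __name__ == "__main__":
    print(demo())
```

Without translation the reply arrives at LA, which holds no state for the flow, and is dropped; with each gateway translating to an address from its own block, the reply returns to the gateway that created the state.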