Firewall Wizards mailing list archives
RE: HA Gauntlet 6.0 ???
From: "Ben Nagy" <ben () iagu net>
Date: Thu, 9 Jan 2003 07:33:01 +0100
I'd beware of this solution. Much as I liked Gauntlet when configured right, I had an absolute beast of a time with HA on 5.5 on Solaris. Having said that, it _did_ work eventually. It's only box-level failover, too - it can't detect jammed proxies, for example, which was a problem in some cases. I found the HA stuff itself poorly documented, which was a pain since the default scripts that shipped with the boxen didn't do everything right. I never used 6 - and I'm sad to say that I wouldn't start now, given the state of what's left of NAI. Also, since you're not in the continental US, I'd guess that you will have big problems getting good in-country Gauntlet support (as I did in Australia). Insert also my standard rant about Gauntlet using sendmail and bind as the SMTP and DNS proxies (lunacy), and about the difference between the new "fast" http-pdk and plug-gw (*cough* none *cough*). With a somewhat heavy heart, my opinion would be that you'd be better off to explore a solution using another firewall. My current product knowledge is now a little old, but FW-1/Nokia did box level failover in two boxes (but it's FW-1...ugh) using VRRP and almost everyone, including Gauntlet, is supported by the external clustering boxes (linkproof, stonebeat etc etc), which also do much more granular failover, keep session states, do load balancing and tricky routing stuff etc. The external boxes are good, but they're also not free. Good luck! (Gauntlet _used_ to be so good, dammit) -- Ben Nagy Network Security Specialist Mb: +41792504687 PGP Key ID: 0x1A86E304
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of jsanchez () myalert com Sent: Wednesday, January 08, 2003 3:18 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] HA Gauntlet 6.0 ??? HI all, we are thinking on builiding and ha environment with 2 gauntlet 6.0, looks like the only ha agent supoorted by gauntlet is the veritas cluster 4.7, am i rigth ??? Has enyone sucessfully tested or tried any ha agent with gauntlet 6 ?? TIA
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- HA Gauntlet 6.0 ??? jsanchez () myalert com (Jan 08)
- RE: HA Gauntlet 6.0 ??? Ben Nagy (Jan 09)
- Re: HA Gauntlet 6.0 ??? Darryl Luff (Jan 09)
- Re: HA Gauntlet 6.0 ??? Dean A Weber (Jan 09)
- Re: HA Gauntlet 6.0 ??? Paul Thomas (Jan 09)