Firewall Wizards mailing list archives

RE: HA Gauntlet 6.0 ???


From: "Ben Nagy" <ben () iagu net>
Date: Thu, 9 Jan 2003 07:33:01 +0100

I'd beware of this solution. Much as I liked Gauntlet when configured
right, I had an absolute beast of a time with HA on 5.5 on Solaris.
Having said that, it _did_ work eventually. It's only box-level
failover, too - it can't detect jammed proxies, for example, which was a
problem in some cases. I found the HA stuff itself poorly documented,
which was a pain since the default scripts that shipped with the boxen
didn't do everything right.

I never used 6 - and I'm sad to say that I wouldn't start now, given the
state of what's left of NAI. Also, since you're not in the continental
US, I'd guess that you will have big problems getting good in-country
Gauntlet support (as I did in Australia). Insert also my standard rant
about Gauntlet using sendmail and bind as the SMTP and DNS proxies
(lunacy), and about the difference between the new "fast" http-pdk and
plug-gw (*cough* none *cough*).

With a somewhat heavy heart, my opinion would be that you'd be better
off to explore a solution using another firewall. My current product
knowledge is now a little old, but FW-1/Nokia did box level failover in
two boxes (but it's FW-1...ugh) using VRRP and almost everyone,
including Gauntlet, is supported by the external clustering boxes
(linkproof, stonebeat etc etc), which also do much more granular
failover, keep session states, do load balancing and tricky routing
stuff etc. The external boxes are good, but they're also not free.

Good luck!

(Gauntlet _used_ to be so good, dammit)
--
Ben Nagy
Network Security Specialist
Mb: +41792504687  PGP Key ID: 0x1A86E304 


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
Of jsanchez () myalert com
Sent: Wednesday, January 08, 2003 3:18 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] HA Gauntlet 6.0 ???



Hi all,

We are thinking of building an HA environment with 2 Gauntlet 6.0. It looks
like the only HA agent supported by Gauntlet is the Veritas Cluster 4.7,
am I right?

Has anyone successfully tested or tried any HA agent with Gauntlet 6?

TIA

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

