nanog mailing list archives

Re: Checkpoint IPS

From: Michael Hallgren <m.hallgren () free fr>
Date: Tue, 03 Feb 2015 16:41:45 +0100

Le 03/02/2015 16:21, Eugeniu Patrascu a écrit :

On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallgren () free fr
<mailto:m.hallgren () free fr>> wrote:

    Hi,

    Someone has positive or negative experience running
    Checkpoint IPS cluster over ``long distance'' synch.
    network? Real life limitations? Alternatives? Timers?


You can do "stretched" with Check Point as long as the network delay
is less than around 70-100 msec RTT or so. If you do this, run your
firewalls in Active/Standby modes.


Thanks Eugeniu, I see what you mean. The specific case I'm looking at is
about asymmetric routing, though.


Cheers,

mh

Current thread:

Checkpoint IPS Michael Hallgren (Feb 02)
- Re: Checkpoint IPS Eugeniu Patrascu (Feb 03)
  - Re: Checkpoint IPS Michael Hallgren (Feb 03)
    - Re: Checkpoint IPS Eugeniu Patrascu (Feb 04)
    - Re: Checkpoint IPS Michael Hallgren (Feb 04)
    - Re: Checkpoint IPS Roland Dobbins (Feb 04)
    - Re: Checkpoint IPS Michael Hallgren (Feb 04)
    - Re: Checkpoint IPS Valdis . Kletnieks (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 04)
  - Re: Checkpoint IPS Michael Hallgren (Feb 04)
    - RE: Checkpoint IPS Terry Baranski (Feb 05)
    - Re: Checkpoint IPS Michael O Holstein (Feb 05)
    - Re: Checkpoint IPS Roland Dobbins (Feb 05)

(Thread continues...)