Richard Stiennon wrote:
| At 11:38 AM 3/17/97 +1100, David Cragg wrote:
| Level 3. Stonebeat keep alive software with dual FireWall-1 installations
| in parallel. The Stonebeat element monitors primary FW from secondary. If
| it detects outage it renumbers ports on secondary to be same as old primary
| (IP address *and* MAC address). The advantage is that the network does not
| have to learn new routes. Convergence time we have tested to less than 5
| seconds. With FW-1 3.0 state is maintained across both firewalls. An
| authenticated session sees only a five second delay. You *do not* have to
http://www.stonebeat.com/sb-wp.html#How StoneBeat™ writes:
>Simple TCP connections like telnet, http, smtp etc. won't even
>disconnect while the switch over. More sophisticated connections, like
>FTP and RPC, where the firewall module contains more state information
>of the connections needs to be re-established after the switch over.
>(See FireWall-1™ v3.0 Connection Control option which may be used to
Sounds like they're using ACK bits in the first level of fail over.
The last time I looked for details on "Connection Control's"
authentication and integrity mechanisms, no useful info was available.
I'm sure someone will point out if this has changed.
"Well, that depends. Do you mind the end of civilization as we know
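
Added example, not part of the original thread or of StoneBeat's or FireWall-1's code: a minimal model of the behaviour discussed above, assuming the first-level check on the standby firewall is an ACK-bit test with no connection table. The addresses, ports, rule base and the names `Firewall`, `learn_ftp_port` and `simulate_failover` are constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10          # TCP flag bits

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

ALLOWED_NEW = {21, 23, 25, 80}  # constructed rule base: ports open to new connections

class Firewall:
    def __init__(self):
        self.pinholes = set()   # per-connection state, e.g. FTP data ports

    def learn_ftp_port(self, host, port):
        """Record the data port announced on an FTP control channel."""
        self.pinholes.add((host, port))

    def accept(self, p):
        if p.flags & ACK:       # assumed first-level check: ACK bit only, no state lookup
            return True
        if p.flags & SYN:       # new connection: static rules or a learned pinhole
            return p.dport in ALLOWED_NEW or (p.dst, p.dport) in self.pinholes
        return False

def simulate_failover():
    primary, secondary = Firewall(), Firewall()
    primary.learn_ftp_port("10.0.0.5", 40000)   # state exists on the primary only
    telnet_mid = Pkt("10.0.0.5", 1025, "192.0.2.9", 23, ACK)   # mid-session segment
    ftp_data = Pkt("192.0.2.9", 20, "10.0.0.5", 40000, SYN)    # active-mode data channel
    return {
        "telnet_primary": primary.accept(telnet_mid),
        "telnet_secondary": secondary.accept(telnet_mid),
        "ftp_data_primary": primary.accept(ftp_data),
        "ftp_data_secondary": secondary.accept(ftp_data),
    }

if __name__ == "__main__":
    for name, ok in simulate_failover().items():
        print(f"{name}: {'pass' if ok else 'drop'}")
```

The telnet segment passes on both units because only its ACK bit is examined, while the FTP data connection is dropped on the secondary until the control channel state is rebuilt. The same property means the ACK check alone has no record that a connection ever existed, which is why the state-sharing mechanism and its integrity matter.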