Hi
Qualix Group has a solution which integrates their QHA+ product
(called Veritas FirstWatch before) with the Checkpoint Firewall-1.
A sample configuration follows:

1. Two fw boxes running the same product (FWTK, FW1, ...) with the same
   configuration under the same serving IP address.
2. A shared disk (array) for firewall application data like the user
   account file.
3. Heartbeat network interfaces for internal communication
   (2*eth or 1*eth+1*ppp for each of the boxes).
4. Write an agent (in script, C, ...) which is responsible for
   re/starting, shutdown, and failure detection of the active fw box.

Features:

1. The IP address (and MAC address) will be failed over to the hot
   standby box.
2. Strong logging support helps your analysis.

For UDP traffic with good client support of retries or retransmission, you
can get a transparent failover. For TCP traffic, a reconnect is needed.
Without 'kernel' support from the firewalls, transparent failover is much
more difficult.

Hope this is helpful.
Albert Liu
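
An added example, not part of the original post and not Qualix or Check Point code: the standby box's failure-detection logic from item 4, driven by the two heartbeat interfaces from item 3. The interface names hb0/hb1, the three-miss threshold, and the model in which only the active box sends heartbeats are assumptions.

```python
from dataclasses import dataclass, field

MISS_LIMIT = 3  # assumed: consecutive missed beats before a link counts as silent


@dataclass
class StandbyAgent:
    links: tuple = ("hb0", "hb1")  # assumed names for the two heartbeat interfaces
    state: str = "STANDBY"
    missed: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # (tick, event, detail) for later analysis

    def __post_init__(self):
        self.missed = {link: 0 for link in self.links}

    def tick(self, t, heard):
        """Process one heartbeat interval; `heard` = links that delivered a beat."""
        for link in self.links:
            if link in heard:
                if self.missed[link] >= MISS_LIMIT:
                    self.log.append((t, "LINK_UP", link))
                self.missed[link] = 0
            else:
                self.missed[link] += 1
                if self.missed[link] == MISS_LIMIT:
                    self.log.append((t, "LINK_DOWN", link))
        all_silent = all(n >= MISS_LIMIT for n in self.missed.values())
        if self.state == "STANDBY" and all_silent:
            # Only when every heartbeat path is silent is the peer presumed dead.
            self.state = "ACTIVE"
            self.log.append((t, "TAKEOVER", "claim service IP/MAC, start firewall"))
        elif self.state == "ACTIVE" and heard:
            # Peer is alive while this box also holds the service address.
            self.log.append((t, "SPLIT_BRAIN", "peer heard while ACTIVE"))
        return self.state


def run(timeline):
    agent = StandbyAgent()
    for t, heard in enumerate(timeline):
        agent.tick(t, set(heard))
    return agent


# Constructed sample: the hb1 link fails at t=2, the active box dies at t=6.
SAMPLE = [("hb0", "hb1")] * 2 + [("hb0",)] * 4 + [()] * 4

if __name__ == "__main__":
    for entry in run(SAMPLE).log:
        print(entry)
```

Losing one heartbeat link is logged but does not trigger a takeover, which is the reason for giving each box two heartbeat paths.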