It is not necessary to email me directly because
I am on fw-1-mailinglist @
us .
checkpoint .
com alias.
If I don't reply to posts to the alias, it can only be because
I don't reply, not because I didn't see the post!
(!!)
jj>Date: Wed, 9 Jul 1997 20:00:35 -0800
jj>From: drexx @
pspi .
com .
ph (Drexx Laggui)
jj>To: firewalls @
greatcircle .
com, fw-1-mailinglist @
us .
checkpoint .
com
jj>Subject: [FW-1] on PC-SKIP & high-availability
jj>Cc: Jerald .
Josephs @
Ebay
jj>
jj>Hello World,
jj>
jj>Can you please help me clarify some points for me?
jj>
jj>1] If the primary FW-1 v3.0 (in Paris) fails the 2ndary FW-1 v3.0 (in
jj> London) will, of course, take over. I presume the London FW-1 won't
jj> take over the IP address of the Paris FW-1 (like what happens with
jj> the Qualix HA) so I guess the corporate routers will have to be
jj> re-configured with updated routing tables. How? With a whole lot of
jj> ICMP redirects?
You are correct in that FireWall-1 does not bundle a solution like that
provided by Qualix.
One solution is for the hosts behind Paris to have both Paris and London
defined as default routers. A Solaris 2.x workstation will use the first
available default router in its route table. If that router is not available,
then the timeout for a reply is exceeded and Solaris automatically moves onto
the next default route in the table.
Those host that can not operate this way will have to have their default route
changed or behind a gateway that is doing dynamic routing.
It is that gateway that would provide an ICMP redirect for the internal hosts
because it would learn that Paris went down and that London is still available.
jj>
jj>2] Can a M$-Windows 95 client with PC-SKIP connect to a SKIP-enabled FW-1
jj> (remotely or locally) with full SKIP compatibility ?
jj>
That is a good question.
I am getting ready next week to test the interoperability between 3.0 DES
and SunScreen SPF-100. After that we will test SunScreen EFS and then SKIP
for Solaris. Hopefully, I can provide a timely reply regarding PC-SKIP as
well.
jj>Salamat po,
jj>Drexx.
jj>
jj>"It's a dirty job, but somebody's gotta do it." -- John Wayne
jj>~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
jj> ______
jj> /_____/\ DEXTER D. LAGGUI
jj> /_____\\ \ Systems Engineer, CSD-TSR
jj> /_____\ \\ / PHILIPPINE SYSTEMS PRODUCTS INC.
jj> /_____/ \/ / / Penthouse, Corporate Business Center
jj> /_____/ / \//\ 150 Paseo de Roxas Ave., Legaspi Village
jj> \_____\//\ / / Makati City, Philippines
jj> \_____/ / /\ /
jj> \_____/ \\ \ Phone: (++ 63-2) 813-6453 to 55 loc. 222
jj> \_____\ \\ Fax : (++ 63-2) 813-3516
jj> \_____\/ Email: drexx @
pspi .
com .
ph
jj> Pager: (++ 63-2) 1277-33615
jj>~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
/\ Jerald E. Josephs
\\ \ Course Developer - Network Security
\ \\ / Sun Educational Services
/ \/ / /
/ / \//\
\//\ / /
/ / /\ /
/ \\ \ Phone/VM: 408-276-0941
\ \\ FAX: 408-276-1565
\/ E-mail: jerald .
josephs @
EBay .
Sun .
COM
|
|
