From: Michael Le (mmle@xxxxxxxxxxxxxxxxx)
Date: Tue Feb 20 2001 - 00:54:54 GMT-3
Since firewalls shouldn't run routing protocols,
could someone give me advice on how to set up my
proposed redundant firewalls.
Please refer to my ugly ASCII network.
  [BGP]---[BGP]
    |       |
--[PIX]---[PIX]--
|   |       |   |
| [ A ]---[ A ] |
|   |       |   |
--[CPT]---[CPT]--
    |       |
  [ B ]---[ B ]
I plan to have two failover PIXs right behind two
BGP routers to the Internet. On the inside of the PIXs
I have one connection going to Network A and another
going to Network B. But right in front of Network B
(critical production network), I have a load balancing
set of Checkpoint firewalls. The Checkpoints are
connected to both Network A & B, which are actually
6509 w/MSFCs.
I want it done so that the Checkpoint will forward
data to A when destined there and send all other
packets to the PIX. However, if the Checkpoint's link
to the PIX goes down, I want it to be able to send
traffic through network A and to the PIX from
there. I want it to work the other way around for the
PIX going to network B.
My question is, how would I do that if the
firewalls don't run a routing protocol? Do the PIXs
allow for floating statics?
Thanks for your help.
Michael