|
Posted by Thomas Marko on February 24, 2005, 8:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
SJ wrote:
> Hello,
> We currently are running a Checkpoint NG firewall on a Solaris box with
> an Enterprise license for unlimited users.
>
> I am looking to set up another identical Solaris box running Checkpoint to
> be a failover/standby when the first one would fail.
> I am not looking for load balancing.
>
> My question: Is this functionality built in to the NG firewall software
> itself?
Yes, there is a functionality in FW-1/VPN-1 which is called CPHA which
can do standby HA but can also do Load Balancing (depends on how many
coins you'll through into the slot ;-)
You can also realize HA using the protocol VRRP (builtin in Nokia and
Nortel Alteon Appliances, and ?).
> And would we have to pay for another ($20K) Enterprise licence to make this
> happen?
AFAIK you will need a license for the second module, but not for a
second management server. If you use CPHA you will have to purchase a
ClusterXL license.
> If this scenario requires another Enterprise license to be purchased, it
> would probably just make more sense to buy two Cisco PIXes in a
> standby/failover configuration and save a bunch of money.
Please do not compare a Check Point FW-1/VPN-1 with a Cisco PIX. Just
looking for the price when buying a firewall is IMHO the wrong way.
Cheers,
Thomas
| 
XML site map