[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Checkpoint IPS

Subject: Checkpoint IPS
From: eugen at imacandi.net (Eugeniu Patrascu)
Date: Wed, 4 Feb 2015 18:07:33 +0200
In-reply-to: <[email protected]>
References: <[email protected]> <CALgc3C4=cuhMy5YFYeZ353Ap_8ip3-garY6ytc_Rk4MTt=Gajg@mail.gmail.com> <[email protected]>

On Tue, Feb 3, 2015 at 5:41 PM, Michael Hallgren <m.hallgren at free.fr> wrote:

>  Le 03/02/2015 16:21, Eugeniu Patrascu a Ã©crit :
>
> On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallgren at free.fr>
> wrote:
>
>> Hi,
>>
>> Someone has positive or negative experience running
>> Checkpoint IPS cluster over ``long distance'' synch.
>> network? Real life limitations? Alternatives? Timers?
>>
>>
>  You can do "stretched" with Check Point as long as the network delay is
> less than around 70-100 msec RTT or so. If you do this, run your firewalls
> in Active/Standby modes.
>
>
> Thanks Eugeniu, I see what you mean. The specific case I'm looking at is
> about asymmetric routing, though.
>

Firewalls/IPS and asymmetric routing don't play nice. Try to change your
setup/design so that traffic enters/leaves your network segments through
the same security device.

Follow-Ups:
- Checkpoint IPS
  - From: m.hallgren at free.fr (Michael Hallgren)

References:
- Checkpoint IPS
  - From: m.hallgren at free.fr (Michael Hallgren)
- Checkpoint IPS
  - From: eugen at imacandi.net (Eugeniu Patrascu)
- Checkpoint IPS
  - From: m.hallgren at free.fr (Michael Hallgren)

Prev by Date: Recommended wireless AP for 400 users office
Next by Date: Checkpoint IPS
Previous by thread: Checkpoint IPS
Next by thread: Checkpoint IPS
Index(es):
- Date
- Thread