Checkpoint FW1 failover requirements?

- S
- SJ
  
  Contact options for registered users
posted
19 years ago

Wed, Feb 23, 2005 5:39 AM

Hello, We currently are running a Checkpoint NG firewall on a Solaris box with an Enterprise license for unlimited users.

I am looking to set up another identical Solaris box running Checkpoint to be a failover/standby when the first one would fail. I am not looking for load balancing.

My question: Is this functionality built in to the NG firewall software itself? And would we have to pay for another ($20K) Enterprise licence to make this happen?

If this scenario requires another Enterprise license to be purchased, it would probably just make more sense to buy two Cisco PIXes in a standby/failover configuration and save a bunch of money.

Any help or advice would be greatly appreciated. Thank you!

Loading thread data ...

- T
- Thomas Marko
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Thu, Feb 24, 2005 1:26 PM

Yes, there is a functionality in FW-1/VPN-1 which is called CPHA which can do standby HA but can also do Load Balancing (depends on how many coins you'll through into the slot ;-)

You can also realize HA using the protocol VRRP (builtin in Nokia and Nortel Alteon Appliances, and ?).

AFAIK you will need a license for the second module, but not for a second management server. If you use CPHA you will have to purchase a ClusterXL license.

Please do not compare a Check Point FW-1/VPN-1 with a Cisco PIX. Just looking for the price when buying a firewall is IMHO the wrong way.

Cheers, Thomas

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.