[177742] in North American Network Operators' Group
Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Michael Hallgren)
Tue Feb 3 10:43:51 2015
X-Original-To: nanog@nanog.org
Date: Tue, 03 Feb 2015 16:41:45 +0100
From: Michael Hallgren <m.hallgren@free.fr>
To: Eugeniu Patrascu <eugen@imacandi.net>
In-Reply-To: <CALgc3C4=cuhMy5YFYeZ353Ap_8ip3-garY6ytc_Rk4MTt=Gajg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: mh@xalto.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Le 03/02/2015 16:21, Eugeniu Patrascu a écrit :
> On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallgren@free.fr
> <mailto:m.hallgren@free.fr>> wrote:
>
> Hi,
>
> Someone has positive or negative experience running
> Checkpoint IPS cluster over ``long distance'' synch.
> network? Real life limitations? Alternatives? Timers?
>
>
> You can do "stretched" with Check Point as long as the network delay
> is less than around 70-100 msec RTT or so. If you do this, run your
> firewalls in Active/Standby modes.
>
Thanks Eugeniu, I see what you mean. The specific case I'm looking at is
about asymmetric routing, though.
Cheers,
mh
