Checkpoint IPS

Michael Hallgren m.hallgren at free.fr
Tue Feb 3 15:41:45 UTC 2015


Le 03/02/2015 16:21, Eugeniu Patrascu a écrit :
> On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallgren at free.fr
> <mailto:m.hallgren at free.fr>> wrote:
>
>     Hi,
>
>     Someone has positive or negative experience running
>     Checkpoint IPS cluster over ``long distance'' synch.
>     network? Real life limitations? Alternatives? Timers?
>
>
> You can do "stretched" with Check Point as long as the network delay
> is less than around 70-100 msec RTT or so. If you do this, run your
> firewalls in Active/Standby modes.
>

Thanks Eugeniu, I see what you mean. The specific case I'm looking at is
about asymmetric routing, though.


Cheers,

mh




More information about the NANOG mailing list