| Network Description | Redundant Sun Firewalls (Check Point Firewall-1) With 1-4 second OSPF Failover |
| Authors | Original: Brooke Paul, Tom Greco, Mike Coogan, Joel Moore. Modified: Jason Witty, Alex Mesin, Rich Angeletti |
| Details | This design uses dual Sun Ultra 250 servers running Gated and Check Point Firewall-1. The firewalls share state information via the sync connection, depicted below. This allows for fast, automatic failover of all TCP sessions at no additional cost. It was designed to provide enterprise-level access to the Internet and 3rd-party extranet clients, as well as a shared web hosting environment (DMZ). Note that the design uses public IP address space in the DMZ ONLY. All other network segments use RFC 1918 IPs. The design can also easily be retrofitted to allow for redundant Internet or Extranet routers (this has already been done in subsequent designs). |
| Performance | In production, this design has had no problems handling a 12Mb, full-duplex Internet connection, 120 Extranet circuits ranging from 56k to 1.5Mb each, approximately 200 web sites, and 9500 back-end users. |
| Configuration Files | Gated.Conf Files for each firewall: Top, Bottom |
