Chapter 12: Advanced VPN Configurations


Introduction

The Internet and Internet services have become increasingly important to businesses over time, and many organizations are choosing to implement measures to keep these services highly available to their staff or to their customers. The first task is identifying which services are business-critical, and then determining the best solution to keep each of those services available 99.9 percent of the time. Keeping a service available is an issue at all because the Internet and networking technology are not fail-proof. Your ISP (Internet Service Provider) connection could be down or slow, your internal router could lose its routing table and stop passing packets, or you could have a hardware failure or power failure at any point in the network infrastructure, any of which could cause service interruptions.

So, what can you do to prevent these outages from happening? Well, you probably can't control them 100 percent of the time, regardless of how much time, money, and effort you put into the project, but you can make a considerable dent in downtime by setting up some redundant systems and configuring them to fail over in the event of a failure.

For example, suppose your company prints a well-known newspaper on the East Coast, and having the Internet available to your reporters is business-critical, since they use this source of information for many of their articles. Therefore, it's your job to have a redundant Internet connection with failover abilities. You could contract two ISPs, have two routers set up at each end of each ISP connection, have two or four firewalls set up to fail over, and have two routers inside each firewall, all plugged into various uninterruptible power supplies (UPSs). This is a complicated configuration, but it can be an operational means to have a high-availability connection to the Internet.

This chapter will briefly discuss the Check Point High Availability (CPHA) and Check Point Load Sharing (CPLS) modules, as well as a few network configuration models in which Check Point will allow VPNs (virtual private networks) to fail over. This is only a brief overview; high availability and load sharing using both Check Point's internal and Nokia's IPSO mechanisms are covered in depth in the sister book to this one, Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting (Syngress Publishing, ISBN: 1-931836-97-3).




Check Point NG[s]AI
ISBN: 735623015
Year: 2004
Pages: 149
