On Tue, Feb 3, 2015 at 5:41 PM, Michael Hallgren <m.hallgren@free.fr> wrote:
> On 03/02/2015 16:21, Eugeniu Patrascu wrote:
>> On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallgren@free.fr> wrote:
>>> Hi,
>>> Does anyone have positive or negative experience running a Checkpoint IPS cluster over a "long distance" synch. network? Real-life limitations? Alternatives? Timers?
>> You can do "stretched" with Check Point as long as the network delay is less than around 70-100 msec RTT or so. If you do this, run your firewalls in Active/Standby modes.
> Thanks Eugeniu, I see what you mean. The specific case I'm looking at is about asymmetric routing, though.
Firewalls/IPS and asymmetric routing don't play nice. Try to change your setup/design so that traffic enters/leaves your network segments through the same security device.