Archived from groups: comp.security.firewalls
Appears I misunderstood your problem; your explanation of what you are
attempting to do makes it clear that you do have a handle on the problem. I
will anxiously monitor this thread to see what the eventual solution ends up
being.
"CHANGE USERNAME TO westes" <DELETE_westes@earthbroadcast.com> wrote in
message news:nZOdnVy5NcPRpDfdRVn-sw@giganews.com...
> Checkpoint has persistence of sessions, but under Windows 2000 Checkpoint
> does NOT implement the behavior of sending outbound packets on the same
> interfaces they arrived. Checkpoint only modifies the headers of the IP
> packet, and then it passes the packet to standard Windows networking.
> Windows networking in turn only recognizes one default outgoing route.
>
> Regarding failover, you are looking at the problem backwards. I'm not
> trying to configure a behavior for sessions that are initiated on our side.
> Our mail host will be seen through its public MX records as being two
> separate MX hosts with two separate IP addresses on different networks.
> So the case I care about is where an outside mail server initiates a
> connection into us on different ISP networks. I need to make sure that the
> packets return back on the same interface they arrived.
>
> --
> Will
> westes AT earthbroadcast.com
>
> "Beoweolf" <Beoweolf@pacbell.net> wrote in message
> news:WEdqc.50046$OB4.23079@newssvr29.news.prodigy.com...
> > From the requirements you mentioned, what you are looking for is a
> > "persistent" or "Sticky" session. Server persistence and/or client
> > persistence for sessions is required if you are using MEP (multi entry
> > protocols) for redundant connections.
> >
> > I know that CheckPoint has it. As far as using different ISPs as carrier
> > providers, what you need to do is configure failover or high availability
> > that will sense a failure on the primary connection and fail over to the
> > secondary connection in case of failure.
> > "CHANGE USERNAME TO westes" <DELETE_westes@earthbroadcast.com> wrote in
> > message news:0M2dneKSTtvNhzXdRVn-sw@giganews.com...
> > > I'm looking for a firewall or router that will run on Windows 2000 that
> > > can route packets out on the same interface they arrived on, or could
> > > apply different routing tables based on the interface to which a packet
> > > arrives. This is to support a mail server which we want to connect to
> > > two ISP networks. We don't want a default outgoing route on any one
> > > interface, which is what Windows 2000's IP implementation requires.
> > >
> > > If this is not available for Windows, is it available for any UNIX
> > > implementation?
> > >
> > > --
> > > Will
> > > westes AT earthbroadcast.com
> > >
> > >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.686 / Virus Database: 447 - Release Date: 5/14/2004
> >
> >
>
>
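The behavior asked for in the thread (replies leave on the uplink the connection arrived on, with no single default route) can be expressed on Linux as source-based policy routing with iproute2. This is an added example, not something posted by any participant in the thread. It assumes a dual-homed Linux mail host that holds one address on each ISP network; the interface names, table numbers and addresses (RFC 5737 documentation ranges) are constructed.

```shell
#!/bin/sh
# Source-based policy routing for a host with two ISP uplinks.
# Assumptions (constructed, not from the thread): eth0/eth1, tables 101/102,
# and the 192.0.2.0/24 and 198.51.100.0/24 documentation networks.

# Set IP_CMD=echo to print the commands instead of applying them (dry run).
IP_CMD="${IP_CMD:-ip}"

# add_uplink TABLE DEV LOCAL_ADDR GATEWAY SUBNET
add_uplink() {
    table=$1; dev=$2; addr=$3; gw=$4; net=$5

    # Each uplink gets its own routing table holding the connected
    # subnet and a default route through that ISP's gateway.
    $IP_CMD route add "$net" dev "$dev" src "$addr" table "$table"
    $IP_CMD route add default via "$gw" dev "$dev" table "$table"

    # A reply to an inbound SMTP connection carries the local address the
    # connection arrived on as its source, so selecting the table by source
    # address sends the reply back out through the same ISP.
    $IP_CMD rule add from "$addr" table "$table"
}

setup() {
    add_uplink 101 eth0 192.0.2.10    192.0.2.1    192.0.2.0/24
    add_uplink 102 eth1 198.51.100.10 198.51.100.1 198.51.100.0/24
}

# Apply only when explicitly requested (requires root): sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    setup
fi
```

The rules match on source address, so they cover traffic terminated on the host itself; the main routing table still decides the path for connections the host initiates.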