Thursday, September 16, 2010

Firewall Scale Considerations

The Nortel Networks ASF has some unique capabilities, notably DMZ partitioning and PnP scaling, that allow for both scale-up and scale-out of the firewall solution. Nortel Networks provides training on such capabilities as part of the system installation process. Details on the operational considerations of managing ASFs are provided later in this chapter.
Large networks are typically very robust in design, and effective management can be difficult. Nortel Networks provides a single management solution for the ASFs by using the Check Point software management suite.
When operating a large network, the firewalls must scale to take advantage of server capacity and to meet application requirements. The firewalls must be able to scale in bandwidth, and you must maintain a very secure environment for the traffic within the data center while still providing access to external resources. This does impose some requirements on the security administrator; for example, the firewalls need to support and scale the number of session adds/drops per second and the number of concurrent sessions while maintaining adequate throughput.
When running multiple firewalls, whether multiple instances of the same firewall or a number of different firewalls working together, the key requirement is that the firewalls do not interfere with one another and that they maintain state between themselves for failover and failback purposes. Nortel Networks provides a single image configuration for the Alteon Firewall Cluster that gives the security administrator the ability to perform upgrades and other administrative tasks on a single firewall, while synchronization procedures propagate the changes to the rest of the cluster.
