On Tue, Feb 3, 2015 at 5:41 PM, Michael Hallgren <m.hallg...@free.fr> wrote:
> Le 03/02/2015 16:21, Eugeniu Patrascu a écrit : > > On Mon, Feb 2, 2015 at 2:53 PM, Michael Hallgren <m.hallg...@free.fr> > wrote: > >> Hi, >> >> Someone has positive or negative experience running >> Checkpoint IPS cluster over ``long distance'' synch. >> network? Real life limitations? Alternatives? Timers? >> >> > You can do "stretched" with Check Point as long as the network delay is > less than around 70-100 msec RTT or so. If you do this, run your firewalls > in Active/Standby modes. > > > Thanks Eugeniu, I see what you mean. The specific case I'm looking at is > about asymmetric routing, though. > Firewalls/IPS and asymmetric routing don't play nice. Try to change your setup/design so that traffic enters/leaves your network segments through the same security device.
