RainWall High Availability for Check Point VPN-1/FireWall-1
Overview...
Business continuity starts with high availability. Given the importance of a reliable connection to the outside world, security firewalls need to be fast, scalable and always-on. RainWall ensures business continuity by extending the high availability and reliability of critical security and Internet resources. RainWall is an OPSEC™-certified high availability solution for Check Point VPN-1/FireWall-1 gateway servers and appliances. RainWall's advanced network clustering software delivers transparent fail-over, linear scalability and rapid deployment.
RainWall™ is an award-winning high availability and load balancing software solution for firewalls and VPN gateways. RainWall increases reliability and speed for these security enforcement points by clustering two or more firewall and VPN servers together into a single redundant system. RainWall detects network, hardware, and software failures, and instantly redirects traffic around the problem, ensuring continuous availability. RainWall dynamically load balances firewall and VPN traffic by optimizing the total capacity of clustered servers.
No other firewall load balancing solution scales like RainWall.
Extends Business Continuity
RainWall eliminates the expensive and complex "firewall sandwich" approach to high availability that requires a minimum of four external hardware load balancers. RainWall's network-efficient layer-3 clustering technology installs directly on the firewall and doesn't require external load balancers or an extra Network Interface Card (NIC). The bottom line: RainWall is far less expensive and difficult to maintain. RainWall is the perfect solution for business centers that lack the IT expertise or budget required for alternative solutions.
Maximises Uptime
RainWall eliminates the firewall or VPN gateway as a single point of failure. RainWall's intelligent firewall failure detection continuously monitors the firewall server, processes, and connectivity for proper operation. When it detects a failure, RainWall instantly shifts all traffic from the failed gateway to functioning ones. Rainfinity's transparent fail-over ensures that user sessions will not be interrupted or require VPN re-authentication. RainWall also allows VPN-1/FireWall-1 gateways to be taken off-line for maintenance during production hours without downtime.
Deploys Simply
RainWall is a software-only solution that installs directly on your existing firewall servers, eliminating the need for additional layers of proprietary or unnecessary hardware. For ease of migration from a single-gateway design, the cluster can be configured with a single virtual IP address per subnet, making it appear as a single device to the rest of the network. RainWall's advanced layer-3 clustering technology is fully compatible with Ethernet switches, so there is no need to configure routers or switches with multicast MAC addresses. RainWall's web-based GUI enables configuration to propagate across all nodes in the cluster. Licensing is based on a simple software key, not tied to IP addresses, making it easy to reinstall or upgrade.
Figure 1: RainWall reduces costs and complexity by installing directly on your existing VPN-1/FireWall-1 servers.
Integrates with Checkpoint
RainWall seamlessly integrates with Check Point's management console so all events and status information are accessible from a single operator console. This includes the health status of RainWall clusters that are directly integrated into the management console. RainWall completely leverages Check Point's CPMI interface to make this integration seamless and eliminate special maintenance and management of the interface. RainWall also extracts Check Point firewall policies to automatically configure RainWall traffic policies.
Scales Linearly
RainWall dynamically distributes traffic across multiple gateways, harnessing their combined processing power to boost performance and prevent bottlenecks. RainWall employs a dynamic load balancing mechanism to optimize cluster performance and distribute traffic selectively based on the current load and capacity of each node. Less advanced clustering approaches rely on a shared MAC address and are limited to the scalability of a single NIC. RainWall also employs connection-based load balancing to ensure VPN traffic integrity. Without the ability to intelligently recognize and group packets, load balancing does not work properly in NAT and VPN environments. The result: RainWall leverages the full speed of your switched network infrastructure to deliver greater than wire-speed throughput and provide near-linear performance scalability.
Delivers Value
RainWall offers the best price-performance, software-only high availability and load balancing solution available for Check Point VPN-1/FireWall-1. RainWall's advanced clustering delivers scalability comparable with hardware-based solutions that cost several times more than RainWall, and RainWall is the leading provider of High Availability software for OPSEC appliances.
Features
Benefits
Figure 2: The Configuration Wizard automatically distributes configuration files and detects discrepancies across all nodes in a cluster.
Figure 3: VPN-1 4.1 Throughput with RainWall Scalable Firewall Cluster.
Figure 4: FireWall-1 4.1 Throughput with RainWall Scalable Cluster
Checkpoint VPN-1/Firewall-1: Checkpoint NG FP2
Operating System: Solaris (32-bit or 64-bit mode); Windows 2000 Server or Advanced Server; RedHat Linux 7.2 (2.4.19-31 kernel)
Software that Actually is Rocket Science
Rainfinity’s patented clustering technology, RAIN (Reliable Array of Independent Nodes), was developed by a team of scientists from CalTech (California Institute of Technology) in collaboration with NASA and the Jet Propulsion Laboratory to ensure that standard system components could be deployed in space without suffering downtime. RAIN is the foundation for Rainfinity’s highly available, scalable clustering software that is used by major corporations worldwide.