Firewall Wizards mailing list archives
Re: High availability firewalls
From: Adam Shostack <adam () homeport org>
Date: Tue, 20 Jan 1998 10:00:29 -0500 (EST)
You forgot the crossover links. Each firewall machine has 2 network interfaces per side (inside, outside, dmzside(?).) One interface on a side plugs into either hub, thus we get a crossbar architecture. It might also be worth looking at using a non star implementation, such as thinnet, to remove the hubs from the picture. Always struck me as a simpler solution, but couldn't sell my customers at the time on it. You do have the possibility of a transciever failure, but since those tend to be line powered, there is a lower chance of failure. Adam Jyri Kaljundi wrote: | So this seems more reliable: | | LAN 1 ------ router 1 -------- firewall 1 ------ LAN 2 | | | | | | ---- router 2 -------- firewall 2 ---- | | But is it better than the 1st diagram? When router 1 and firewall 2 go | down, the system will not work anymore, although in diagram 1 it would | still work. | | The question is, how to actually technically to it? On the firewalls side, | when firewall 1 goes down, the HA software assigns IP-address and | MAC-address of firewall 1 to firewall 2. Now how shall I let routers know | that 1 must go down and 2 must go up? What should be used, OSPF, RIP, and | how? | | Jyri Kaljundi | jk () stallion ee | AS Stallion Ltd | http://www.stallion.ee/ | | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- High availability firewalls Jyri Kaljundi (Jan 19)
- Re: High availability firewalls Randy.Witlicki. (Jan 19)
- Re: High availability firewalls Roger Nebel (Jan 20)
- Re: High availability firewalls Billy Smith (Jan 20)
- Re: High availability firewalls Adam Shostack (Jan 20)
- Re: High availability firewalls Peter J. Cherny (Jan 21)
- Re: High availability firewalls chuck (Jan 20)
- Re: High availability firewalls Allen Todd (Jan 21)
- Re: High availability firewalls Jyri Kaljundi (Jan 22)
- Re: High availability firewalls Allen Todd (Jan 21)
- <Possible follow-ups>
- RE: High availability firewalls Gary Crumrine (Jan 20)
- RE: High availability firewalls Stefan Jon Silverman (Jan 21)
- RE: High availability firewalls Stout, William (Jan 21)
- Re: High availability firewalls Allen Todd (Jan 22)
- Re: High availability firewalls Randy.Witlicki. (Jan 19)