RE: firewall cluster



I'd balance the security of variety against the issues of misconfiguring
something because of the difference. Do you have one person who knows each
system really well or someone who knows both?

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of sandra
Sent: Tuesday, March 27, 2007 8:18 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: firewall cluster

Hello,

We want to set up a cluster of two firewalls with heartbeat. It will be an
active-passive cluster, so if the main firewall fails, the secondary firewall
would become active.
We think that, although they are a cluster, they should have different
Operating Systems (for example Linux and BSD), so if a vulnerability has an
impact on our main firewall and drops it, the second firewall will start to
serve without the same vulnerability affecting it.
Do you think it is a good idea, or is it better to have two identical
firewalls for compatibility issues?
Which combination of Operating Systems do you recommend?
Thanks,

Sandra


