Re: firewall cluster



Sandra,

If you are clustering different operating systems as part of a
redundant solution, I would suggest adding A and B nodes for each OS.
The reason being that you will want to ensure that your test upgrades
indeed have no chance of impacting your availability if for some
change one OS crashes.

What products or tools are you looking at to implement the platform?
Will you be choosing a vendor or software package that is supported
between the OS at the same build levels to implement the clustering?

Regards,

Leif Hardison

On 3/27/07, sandra <sandra@xxxxxxxxxxx> wrote:
Hello,

We want to set up a cluster of two firewalls with heartbeat. It will be an active-passive
cluster, so if the main firewall fails, the secondary firewall would become active.
We think that, although they are a cluster, they should have different operating systems
(for example Linux and BSD), so if a vulnerability has an impact on our main firewall and
drops it, the second firewall will start to serve without the same vulnerability affecting it.
Do you think it is a good idea, or is it better to have two identical firewalls for compatibility
issues?
Which combination of Operating Systems do you recommend?
Thanks,

Sandra




