Re: Making a firewall redundant

From: al dav (
Date: 06/03/03

Date: Tue, 3 Jun 2003 14:41:18 +0200

"Maarten" <> wrote in message
> We want to make a firewall redundant in the following way: we have two
> server with exact the same firewall on it.
> When for example, the outside NIC of the first firewall goes down (not the
> whole system, where talking about linux here ... :-)) then we have to
> instantly switch over to the backup firewall server ...
> How can one accomplish this? Constantly polling if that outside nic is
> online? are there tools for monitoring this on a nearly realtime basis?
> Greetz,
> Maarten.

Is it really likely that your outside nic is going to go down but not the
system ???????

lets look at a couple of sinarios

        1) The leased line, ADSL, ISDN etc.... what ever you use goes down

        switching to a different firewall will make no difference unless you
have another connection to the internet and if you did I would use a router
to provide redundancy and your firewall sits behind the router.

     2) the actual firewall machine freezes up ............. I know it is
Linux so this will never happen right :-)

    use Linux-ha to setup a failover cluster and connect a serial cable
between the two firewalls, when the primary one fails the secondary will
automatically acquire the ip address of the primary and function in its

    3) the actual nic stops working on your firewall but the system is
actually fine ??? i have never heard of this in my life but you never know i

    install 2 nics and use bonding to allow them to both function as one the
load will be balanced and in the result of one failing the other will
continue with the full load.

hope some of this helps


Relevant Pages

  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
  • Re: For Microsoft Partners and Customers Who Cant Download or Access
    ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for ... use a static IP and set the DNS server addresses to the DNS ...
  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...