At 12:29 AM 1/23/96 +0100, you wrote:
>We are asked to warrant a >99,5% uptime for a firewall system in a financial
>organization. We're trying to figure out what's the best way to manage such
>a problem (a fault-tolerant hardware solution? A multiple firewall solution?
>other tricky configurations?).
>Has anybody out there already experienced and solved such a problem?
Sorry, but I am not aware of any vendor which has a fault-tolerant firewall.
Probably the best way to deal with this is to find a firewall which has the
capability of running multiple firewalls in parallel.
The firewalls should have the capability of being managed from a central
location (SECURELY). Synchronization of the firewall rules is also important
- to keep all of the firewalls filtering the same way.
Also, don't forget to build redundancy into your capabilities. I would
recommend having a firewall installed in at least two different locations
- each of which connected to a different ISP (Internet Service Provider).
Further, it wouldn't hurt if you the firewall at the remote site had a
firewall administrator who was trained in the care and feeding of the
firewall in the event of an emergency (unless you enjoy travelling).
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800 - http://www.fortified.com/fortified/
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.