Great Circle Associates Firewalls
(March 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Firewall and "single point of failure" issue
From: Colin Campbell <sgcccdc @ citec . qld . gov . au>
Date: Fri, 14 Mar 1997 13:41:08 +1000 (EST)
To: uskanbye @ ibmmail . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199703121926 . LAA11161 @ honor . greatcircle . com> from "uskanbye @ ibmmail . com" at Mar 12, 97 02:24:06 pm 
Hi,

We're in much the same position


                internet
                   |
                router
                   |
            ----------------
               |        |
              b1        b2
               |        |
            ----------------
                   |
                inside

b2's external interface is down by default. We use a 'floating ip'
for the firewall by using the 'alias' facility of Solaris. b2 will
monitor b1 and upon detecting failure, assume the identity of b1
both inside and out.

> - in case of firewall failure, fall back on router packet filtering
>   without a firewall in place.

This leaves me cold. I should trash your firewall and then all I
have to worry about is getting through the router.

In my case, both dead and we're off the air.

Colin
References:
Indexed By Date Previous: TIS Gauntlet FTP ?
From: John Madincea <71333 . 2026 @ CompuServe . COM>
Next: RE: Microsoft Defines Internet?
From: Russ <Russ . Cooper @ RC . on . ca>
Indexed By Thread Previous: Re: Firewall and "single point of failure" issue
From: Arley Carter <ac @ twinds . com>
Next: RE: Firewall and "single point of failure" issue
From: Joseph Judge <joej @ joesmac . ultranet . com>
Google
 
Search Internet Search www.greatcircle.com