At 11:38 AM 3/17/97 +1100, David Cragg wrote:
>
>I am wondering what is the most popular method other people
>use to keep their firewalls up and going in the event of
>disasters.

Here are three levels of "High Availability":

Level 1. Shadow disks. Mirror main disk with external drive. If main
drive fails, boot off spare. If machine fails move disk to another machine.

Level 2. Routed Parallel Firewalls. (Specifically FireWall-1) Using OSPF
dynamically reroute network upon failure of primary.

Level 3. Stonebeat keep alive software with dual FireWall-1 installations
in parallel. The Stonebeat element monitors primary FW from secondary. If
it detects outage it renumbers ports on secondary to be same as old primary
(IP address *and* MAC address). The advantage is that the network does not
have to learn new routes. Convergence time we have tested to less than 5
seconds. With FW-1 3.0 state is maintained across both firewalls. An
authenticated session sees only a five second delay. You *do not* have to
re-authenticate.

See www.stone.fi for more details/diagrams.

----------------------------------------------------------------------------
Richard Stiennon                        richards @ netrex . com
Director, Business Development http://www.netrex.com
Netrex, Inc. Voice: 810-352-9643
Southfield, Michigan Fax: 810-352-2375
-----------------------------------------------------------------------------
Providing businesses and organizations with secure Internet solutions.
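
The Level 3 takeover described in the message above, as an added example that is not part of the original post and not Stonebeat's or FireWall-1's code: a small simulation of a standby that watches heartbeats and, on timeout, assumes the primary's IP with or without its MAC. The heartbeat interval, miss limit, class and function names, and all addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    ip: str
    mac: str

class StandbyMonitor:
    """Standby firewall watching the primary's heartbeats (hypothetical model)."""
    def __init__(self, primary, standby, interval_ms, miss_limit):
        self.primary, self.standby = primary, standby
        self.timeout_ms = interval_ms * miss_limit   # assumed detection rule
        self.last_seen_ms = 0
        self.active = primary

    def heartbeat(self, now_ms):
        self.last_seen_ms = now_ms

    def tick(self, now_ms, take_mac):
        """Return True on the tick that triggers takeover."""
        if self.active is self.standby or now_ms - self.last_seen_ms < self.timeout_ms:
            return False
        self.standby.ip = self.primary.ip            # assume the service IP
        if take_mac:
            self.standby.mac = self.primary.mac      # and the MAC, as in Level 3
        self.active = self.standby
        return True

def simulate(fail_at_ms, take_mac, interval_ms=1000, miss_limit=3, step_ms=500):
    # Constructed sample addresses (documentation range, locally administered MACs).
    primary = Node("fw-a", "192.0.2.1", "02:00:00:00:00:0a")
    standby = Node("fw-b", "192.0.2.2", "02:00:00:00:00:0b")
    arp_cache = {primary.ip: primary.mac}            # a neighbour's cached entry
    mon = StandbyMonitor(primary, standby, interval_ms, miss_limit)
    for now in range(0, fail_at_ms + interval_ms * (miss_limit + 2), step_ms):
        if now < fail_at_ms and now % interval_ms == 0:
            mon.heartbeat(now)                       # primary still alive
        if mon.tick(now, take_mac):
            return {"outage_ms": now - fail_at_ms,
                    "neighbour_cache_stale": arp_cache[primary.ip] != standby.mac}
    return None

if __name__ == "__main__":
    print(simulate(4500, take_mac=True))
    print(simulate(4500, take_mac=False))
```

With the MAC taken over, the neighbour's cached entry is still valid at the moment of failover; with IP-only takeover the entry is stale and traffic is lost until the neighbour relearns it.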