Firewalls: Re: Firewall high availability Strategy

Firewalls
(March 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewall high availability Strategy
From:	Roger Young <youngr @ erinet . com>
Date:	Sun, 23 Mar 1997 23:44:34 -0500
To:	David Cragg <david @ ilanet . slnsw . gov . au>
Cc:	Firewalls @ GreatCircle . COM
References:	<199703170038 . LAA00196 @ slid . slnsw . gov . au>
Reply-to:	youngr @ erinet . com

David Cragg wrote:
> 
> I am wondering what strategies people have in place incase their
> firewalls go bung (eg. a disk crash). Our main priority here is to
> minimise downtime. I am looking at a number of options, but
> they either impact performance or cost heaps (eg mirroring
> and redundant firewalls).
> 
> I am wondering what is the most popular method other people
> use to keep their firewalls up and going in the event of
> disasters.
> 
> Regards,
> 
> David Cragg

David,

I am always interested in solutions that are elegant and without
significant cost. The following few ideas come to mind (but they are
neither elegant or inexpensive):

Keep an external mirrored drive rather that 2 internal drives on the
production firewall (assume SCSI). Should the processor fail, you could
more quickly deploy the external mirrored drive on a hot standby
processor. Some folks periodically break the mirror, remove the first
external drive and rebuild a second external drive. One alternately sits
on the shelf (or off site) ready to go.

The mirroring idea will buy time in recovering the primary firewall
machine, but you will have some manual work to do in "hooking up" the
secondary backup machine and later in the disaster recovery process on
the primary box. Hopefully you are religious about backing up the
firewall system to tape.

If you decide to mirror, consider duplexing them with 2 separate SCSI
controllers. Having a dual bus configuration is even better. 

Hardware vendors are offering increasingly attractive "High
Availability" servers with automatic failover. 

These servers use failover strategies with a heart-beat sensor between
processors, a single shared SCSI drive cabinet (using mirroring or other
RAID implementation) with redundant controllers, and pseudo IP
addressing on the secondary box to handle the NIC failover. Other
beneficial features to deploy include hot-pluggable disk drives,
redundant power supplies, and fans. 

You are right - these ideas cost heaps, but things are getting more
reasonable. One has to determine how much firewall uptime is worth and
what is the estimated failure risk by component, and try to justify the
expenditures. 

You have posed a valid issue that the hardware vendors hope to exploit
with the "High Availability" concept. Not sure what the firewall product
vendors can do to address the issue from a "soft" standpoint. Curious to
know what others are doing as well.

Regards, Roger

References:

Firewall high availability Strategy
From: David Cragg <david @ ilanet . slnsw . gov . au>

Indexed By Date	Previous:	Re: A C2 parable From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
Indexed By Date	Next:	Re: virus plant in MS Word From: Stelios Valavanis <stel @ onshore . com>
Indexed By Thread	Previous:	Re: Firewall high availability Strategy From: Adam Shostack <adam @ homeport . org>
Indexed By Thread	Next:	Re: Firewall high availability Strategy From: "Michael Cunningham" <Michael . Cunningham @ voicenet . com>