David Cragg wrote:
> I am wondering what strategies people have in place in case their
> firewalls go bung (eg. a disk crash). Our main priority here is to
> minimise downtime. I am looking at a number of options, but
> they either impact performance or cost heaps (eg mirroring
> and redundant firewalls).
> I am wondering what is the most popular method other people
> use to keep their firewalls up and going in the event of
> David Cragg
I am always interested in solutions that are elegant and without
significant cost. The following few ideas come to mind (but they are
neither elegant nor inexpensive):
Keep an external mirrored drive rather than 2 internal drives on the
production firewall (assume SCSI). Should the processor fail, you could
more quickly deploy the external mirrored drive on a hot standby
processor. Some folks periodically break the mirror, remove the first
external drive and rebuild a second external drive. One alternately sits
on the shelf (or off site) ready to go.
The mirroring idea will buy time in recovering the primary firewall
machine, but you will have some manual work to do in "hooking up" the
secondary backup machine and later in the disaster recovery process on
the primary box. Hopefully you are religious about backing up the
firewall system to tape.
If you decide to mirror, consider duplexing them with 2 separate SCSI
controllers. Having a dual bus configuration is even better.
Hardware vendors are offering increasingly attractive "High
Availability" servers with automatic failover.
These servers use failover strategies with a heart-beat sensor between
processors, a single shared SCSI drive cabinet (using mirroring or other
RAID implementation) with redundant controllers, and pseudo IP
addressing on the secondary box to handle the NIC failover. Other
beneficial features to deploy include hot-pluggable disk drives,
redundant power supplies, and fans.
You are right - these ideas cost heaps, but things are getting more
reasonable. One has to determine how much firewall uptime is worth and
what is the estimated failure risk by component, and try to justify the
You have posed a valid issue that the hardware vendors hope to exploit
with the "High Availability" concept. Not sure what the firewall product
vendors can do to address the issue from a "soft" standpoint. Curious to
know what others are doing as well.