I used to be a reseller (not anymore) for a product called Qualix
"Secure-watch". It was a high availability solution; it worked very well for
me in some complex configurations.
It automatically backed up the firewall and/or web server hardware and
software using automatic hot cutover/monitoring software and Shared SCSI
disks.
Tech support wasn't great, but it was OK if you were a Sr. Unix sys admin.
According to the sales info on their home page at:
http://www.qualix.com/sysman/product/securewatch.htmld/
"Qualix has combined the core technology of the leading high-availability
software, QualixHA(tm) (including Qualix HA-Environment(tm)and VERITAS
FirstWatch(r)), with the security of the leading firewall, FireWall-1.
These two products, along with special Qualix HA-Modules(tm) software,
provide a packaged solution for highly available secure Internet
connectivity."
"In order to guarantee access to the Internet, SecureWatch uses two
workstations. A primary workstation operates as the Internet firewall, and
a "hot standby" workstation operates as the back-up."
I'd bet that a solution like this would solve your problems. They have
several competitors; you can do a Hotbot search for "high availability
firewall" and turn some of those up.
-David B. Donahue
P.S. I have no affiliation with them anymore, I just liked their product,
even if I had problems with their T/S group.
----------
> From: Laura_Bohde @ prenhall . com
> To: firewalls @ GreatCircle . COM; mike . starkweather @ anheuser-busch . com;
> Francis Yeung <fyeung @ fyeung8 . netific . com>
> Subject: Re[2]: Highly available Internet connection
> Date: Thursday, January 30, 1997 8:24 PM
>
>
> The firewall is not powered off - what is powered off is
> the router on one side of it, and the hub on the other
> side. I never want to use a power switch on a Unix box
> for fear of corrupting the File Systems/disks. Also -
> leaving the firewall live enables us to ensure the backup
> doesn't have any hardware problems.
>
> We haven't automated the synching yet. Static routes are
> defined in a startup file - the same on both systems.
> Doesn't change very often, and is easy to change on both
> systems, should a new route need to be added. All I
> actually need to do is copy the firewall config files (I
> use tape right now, can't ftp because the backup isn't on
> a live network) over to the backup system after I make a
> configuration change. Only takes a few minutes -
>
> We also thought about the second disk idea, where you
> could boot off of another disk that housed the
> configuration, but we didn't want to worry about the
> experience of the person performing the switch-over.
>
> - Laura
>
>
> ______________________________ Reply Separator _________________________________
> Subject: Re: Highly available Internet connection
> Author: fyeung @ fyeung8 . netific . com (Francis Yeung) at INTERNET-PUB
> Date: 1/30/97 10:43 AM
>
>
> Laura,
>
> What happens to the data - firewall rules, static routes etc.?
> How do you keep them in sync if one unit is powered off?
>
> Thanks.
>
> Francis
>
> > From root @ fyeung25 . netific . com Thu Jan 30 03:32 PST 1997
> > From: Laura_Bohde @ prenhall . com
> > Date: Wed, 29 Jan 1997 23:20:46 -0500
> > Subject: Re: Highly available Internet connection
> > To: "'firewalls @ GreatCircle . COM'" <firewalls @ GreatCircle . COM>,
> > "Starkweather; Mike" <mike . starkweather @ anheuser-busch . com>
> >
> >
> > We have two routers connected to the Internet configured
> > identically, as well as two hubs, two firewalls, and two
> > hubs on the other side. Then we installed Black Box
> > power on/off switches (one on each router, and one on
> > each hub at the other end). This way we can leave one
> > network up and the other powered off. If any device in
> > the "primary" network fails, with a simple phone call
> > (our help desk can even do this), one network can be
> > powered off and the other powered up. (this way all
> > equipment can actually have the same IP addresses too.)
> >
> > Hope this helps -
> >
> > Laura
> >
> >
> > ______________________________ Reply Separator _________________________________
> > Subject: Highly available Internet connection
> > Author: "Starkweather; Mike" <mike . starkweather @ anheuser-busch . com> at INTERNET-PUB
> > Date: 1/29/97 4:40 PM
> >
> >
> > My company wants to move toward Electronic Commerce on the Internet.
> > One of the requirements would be a highly available, secure
> > connection. One of the ideas I have considered is two firewalls going
> > out over two routers to two wide area links to two ISPs. This is a
> > pretty brute force approach.
> >
> > Does anyone have any ideas to share on how we might build an Internet
> > connection that would approach 100 percent availability?
> >
> > Thanks for all your help.
> >
> > Mike Starkweather
> > Anheuser-Busch
> >
> >
> >