From owner-freebsd-security@FreeBSD.ORG  Wed Mar 26 13:03:19 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C1AE737B404
	for <freebsd-security@freebsd.org>;
	Wed, 26 Mar 2003 13:03:19 -0800 (PST)
Received: from mail.interchange.ca (ns.interchange.ca [216.126.79.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA2AC43F75
	for <freebsd-security@freebsd.org>;
	Wed, 26 Mar 2003 13:03:18 -0800 (PST)
	(envelope-from michael@fastmail.ca)
Received: by mail.interchange.ca (Fastmailer, from userid 555)
	id 5DFA9864312; Wed, 26 Mar 2003 15:57:19 -0500 (EST)
Received: from 24.114.6.105 by www.fastmail.ca with HTTP;
	Wed, 26 Mar 2003 20:57:18 +0000 (UTC)
MIME-Version: 1.0
Message-Id: <3E82142E.000017.64676@ns.interchange.ca>
Content-Type: Multipart/Mixed;
  boundary="------------Boundary-00=_IJJD2I4YA1UMYJ0CCJD0"
To: freebsd-security@freebsd.org
Date: Wed, 26 Mar 2003 15:57:18 -0500 (EST)
From: "Michael Richards" <michael@fastmail.ca>
X-Fastmail-IP: [24.114.6.105]
X-Spam-Status: No, hits=0.0 required=5.0
	tests=none
	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Subject: Multiple Firewalls with ipfilter?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Mar 2003 21:03:20 -0000


--------------Boundary-00=_IJJD2I4YA1UMYJ0CCJD0
Content-Type: Text/Plain
Content-Transfer-Encoding: 7bit

We're supposed to provide redundant firewall service. I'm wondering 
if anyone has ever tried to do this and if it's realistic. Basically 
2 firewall machines hooked up so if one fails the other will 
transparently step in. I've googled it to death without much luck.

The security issue here lies in that the 2 firewalls can't talk to 
each other. So if I'm keeping state on a connection then the second 
firewall has to know about that connection otherwise it will close if 
that firewall dies.

Any ideas?

-Michael
_________________________________________________________________
    http://fastmail.ca/ - Fast Secure Web Email for Canadians
--------------Boundary-00=_IJJD2I4YA1UMYJ0CCJD0--