Date: Wed, 26 Mar 2003 13:18:48 -0800 (PST)
From: randall ehren <randall@ucsb.edu>
To: Michael Richards <michael@fastmail.ca>
Cc: freebsd-security@freebsd.org
Subject: Re: Multiple Firewalls with ipfilter?
Message-ID: <Pine.BSF.4.33.0303261317220.38085-100000@isber.ucsb.edu>
In-Reply-To: <3E82142E.000017.64676@ns.interchange.ca>

> We're supposed to provide redundant firewall service. I'm wondering
> if anyone has ever tried to do this and if it's realistic. Basically
> 2 firewall machines hooked up so if one fails the other will
> transparently step in. I've googled it to death without much luck.
>
> The security issue here lies in that the 2 firewalls can't talk to
> each other. So if I'm keeping state on a connection then the second
> firewall has to know about that connection otherwise it will close if
> that firewall dies.

http://www.isber.ucsb.edu/~randall/firewall/redundant/

i have this setup in use at work, it's an automatic failover but does
not keep existing connections, so things like SSH sessions would be
dropped.

-randall

--
:// randall s. ehren
:// voice 805.893.5632
:// systems administrator
:// isber|survey|avss.ucsb.edu
:// institute for social, behavioral, and economic research