Date: Fri, 28 Mar 2003 14:49:51 -0800 (PST)
From: Mike Hoskins <mike@adept.org>
To: freebsd-security@freebsd.org
Subject: Re: Multiple Firewalls with ipfilter?
Message-ID: <20030328144454.A10259-100000@fubar.adept.org>
In-Reply-To: <Pine.BSF.4.33.0303261317220.38085-100000@isber.ucsb.edu>

On Wed, 26 Mar 2003, randall ehren wrote:

> > We're supposed to provide redundant firewall service. I'm wondering
> > if anyone has ever tried to do this and if it's realistic. Basically
> > 2 firewall machines hooked up so if one fails the other will
> > transparently step in. I've googled it to death without much luck.
>
> http://www.isber.ucsb.edu/~randall/firewall/redundant/
>
> i have this setup in use at work, it's an automatic failover but does not
> keep existing connections, so things like SSH sessions would be dropped.

Nice setup...

If reliability is such a concern, the original poster could also move the
state 'in front' of the firewalls. I.e. Invest in some stateful load
balancers. I've asked a similar question in the past, and had the stateful
(BSD) firewall discussion a few times, and that's often the suggestion that
gets thrown around.

I agree an alternative would be nice if you're on a budget, but you often
get what you pay for. Using something new and/or experimental may not be
the best option based upon the type of traffic these firewalls will be
passing.

-mrh