Redundant firewalls

Tracy R Reed treed@ultraviolet.org
Sun, 19 Aug 2001 23:56:54 -0700


On Sun, Aug 19, 2001 at 11:27:20PM -0700, Andy Poling wrote:
> Actually, if that's your only heartbeat medium, then both FW's will think the
> other is dead if either router dies.  They'll both try to be active at once.
> That's bad.

True but if one of the firewalls somehow becomes cut off from the rest of
the network is it really a problem that they are both active?

> In that case, you should just concentrate on making the FW's redundant (using
> heartbeat should work just fine).  You want at least one independent heartbeat
> medium between them (like a serial xover cable), preferably more than one.
> Then one of the two will always be alive and active.  Don't try to make them
> responsible for the rest of your network...

I don't understand this. If I use a serial crossover cable and one of the
network cards in the active firewall dies the other firewall will never
take over and my network is down. The only time a system will fail over
with a serial connection is if one of them actually locks up solid, right?

-- 
Tracy Reed      http://www.ultraviolet.org
