[ale] High Availability Linux firewall solution?

[Michael Gregoire <Michael Gregoire]

Ned Williams writes:
 > Darrell Golliher wrote:
 > 
 > >   I'm familiar with Linux firewalls from home use, but would like to
 > > learn more about setting up a pair of them with automatic failover.
 > >
 > >   Are any of you running HA linux firewalls and if so can you share
 > > you experiece and perhaps recommend specific documentation?
 > >
 > >   Basically, I'm suffering from sticker shock on upgrading checkpoint
 > > to do HA and am exploring Linux as an alternative.  I want very much
 > > though to avoid having a single point of failure.
 > >
 > >   Any information welcome. :)
 > >
 > > tia,
 > > Darrell Golliher
 > > --
 > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
 > > body.Da
 > 
 > Darrell,
 > 
 > Normally I would recommend a Foundry Server Iron to handle the load balancing for
 > an HA enviorment but since your worried about cost then perhaps straight failover
 > is better suited for you. Perhaps you should set your firewalls up using the old
 > Vinca model.
 > 
 > add a 3rd interface to each one, attach a Xover a cable between the third
 > interface on each and set up crons on the slave designated server to ping the
 > Primary, if the primary fails, issue scripts to change the ip address of the
 > slave servers primary and secondary interfaces to those of the primary then via a
 > ssh'd command over the third interface change the ips of the original primary to
 > slave's orignal ips.
 > 
 > Ned
 > 


Couldn't you use the serial ports instead of third nic?  null modem cable,
with a ppp connection doing keepalive pings?


Mike

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.