Security Basics mailing list archives

RE: Failover internet connections, and implementation...


From: "Joseph Lichty" <jlichty () visitdetroit com>
Date: Tue, 23 Oct 2007 15:22:09 -0400

We use a dual-WAN router (in front of our firewall) from PePLink
(www.peplink.com) with 2 T1s.  I had a DSL backup before we got our
second T1 and it worked well.

I can also do some traffic shaping (send SMTP through the backup and all
HTTP/S through the primary) so that we're not trying to stuff everything
down one pipe.

Outbound failover is pretty much automatic, but inbound takes some doing
(server mappings, etc.), but it's not too difficult.


 
Thanks,
Joe

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dan Denton
Sent: Tuesday, October 23, 2007 2:19 PM
To: security-basics () securityfocus com
Subject: Failover internet connections, and implementation...

I've a question about failover internet connections. I'm interested in
knowing what kind of implementations other SMBs use for
redundancy, and to switch to in the case of a DoS attack.

Do any of you have redundant high-speed internet connections for your
offices (versus those for datacenters)? If so, what kind of setup do you
have?

Here are the setups I'm considering...

1. Have a second cable modem/DSL modem active, but not hooked into the
network. In the event of a failure, move the connection for perimeter
devices over to the standby connection and reconfigure the perimeter
device to use a different IP.

2. Have a second set of perimeter devices (firewalls) programmed to use
the IPs on the second connection, as a hot standby.

My problem with the first option is the time it would take to
reconfigure firewalls and IDS' to use the other ISP's connection. The
problem I have with the second is the expense of firewalls and IDS' just
sitting there idle. 

Any input is greatly appreciated!


Dan 


