Firewall Wizards mailing list archives

RE: High availability

From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Sat, 10 Jul 1999 12:23:15 -0400

Sandy,

        We did this at a previous employer of mine.  Basically, there are two
problems that you have to solve.  First, you have to get the boxes to look
like the recently failed box from the network perpspective.  This is pretty
easy since it is a built-in function of the HA software.  The second problem
is getting the firewall configuration to look like the other box.  We
produced two versions of the firewall rules table for the box.  The first
version -- the normal operation version -- had the rules for the single
active interface box.  The second version of the file had a combined
configuration of the two files.  During the takeover process, the second
version was swapped in and the rules reloaded.

        The files were a pain to administer but it worked really well.  You can
build something simpler by yourself but the HA package has some nice
features.  We were using the Veritas HA package which could handle the
systems going down and coming back up on their own.

        If you want more information, I think that I have some configuration
diagrams kicking around somewhere.

Drew


-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of Sandy Green
Sent: Tuesday, July 06, 1999 10:18 AM
To: firewall-wizards () nfr net
Subject: High availability


How does the HA solution work. ie when there is a
change over from the primary to secondary, the IP
addresses are swapped over to the secondary.

which IP addresses are swapped ? the external as
well as the internal. or only the external.
what about the arp cache ? what about the mapping
of MAC address to IP address of the internal IP
addresses ?

In short I need to understand the working of a
HA solution. The white papers in the sites like
stonebeat only talk about it superficially.

I asked this question in the Checkpoint mail list
but did not get a satisfactory answer as yet.

thanks

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Current thread:

High availability Sandy Green (Jul 06)
- Re: High availability Carric Dooley (Jul 12)
- RE: High availability Andrew J. Luca (Jul 12)
- <Possible follow-ups>
- Re: High availability Russ Wolfe (Jul 08)
- Re: High availability Don Kendrick (Jul 09)