Firewall Wizards mailing list archives

GATED Question


From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Mon, 1 Mar 1999 10:56:24 +1000 (EST)

Hi,

One of my colleagues has a question regarding the use of GATED for
failover of firewalls. We have tried Merit but got no answers. The
question and answer may be of interest to others on this list. The
following picture is a simplified version of the setup involved:

                 hostile
                 network
                    |
                    |
                 router
                    |
                 ------
                  /  \
                 /    \
               fw-1   fw-1 (one production, the other standby)
                 \    /
                  \  /
                 ------
                    |
                 router
                    |
                    |
                 friendly
                 network

The idea is that the firewalls and the router interfaces on the firewall
LANs are in one OSPF area. Within about a minute of the "production"
firewall dying the routers switch to the standby firewall.

Anyway, here's the question:

------------------------------------------------------------
I am looking for information about gated's operation.

I have a firewall configuration of two Firewall-1 firewalls 
between two routers providing some firewall redundancy by 
using OSPF and gated on the firewalls to enable the routers 
to direct traffic to either the primary or secondary firewall, 
depending upon who's running at the time.

Recently a flaw in this configuration was discovered when 
one of the routers was mis-configured, and the routing 
information was published to the firewall resulting in a 
denial of service as anti-spoofing rules prevented packets 
being transmitted from the wrong interface.

I have noticed that there is a -n option for the gated 
command line that seems to indicate that gated will take 
part in OSPF conversations but will not alter its own, 
already existing, routing table entries. Is this true?

My intention is to set up static routes on the firewall and 
start gated with the -n option so that the routers can 
perform the failover function in the event that the firewall 
dies but prevent the routers from modifying the firewall's 
routing tables.

Am I correctly interpreting the function of the -n option? 
The man page is not very forthcoming on the subject and I 
have found no other mention of this option.

I will appreciate any information you can give me.
------------------------------------------------------------

So will I,
Colin

--
Colin Campbell
Unix Support
CITEC
+61 7 3227 7112
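The failure described in the quoted question is a routing entry on the firewall that points a network out the wrong interface, so the anti-spoofing rules drop the traffic. Whatever gated's -n flag does, a practitioner running this design would want a check that the kernel table still matches the intended static routes. The following is an added example, not code from the original post or from gated; the addresses, networks and interface names (hme0 on the hostile side, hme1 on the friendly side) are hypothetical, and the netstat -rn sample is constructed in the Linux column layout to show a table after a router has injected a bad route:

```python
"""Audit a firewall's kernel routing table against its intended static routes.
Added example (not from the original post); all addresses and interface
names below are hypothetical."""
import ipaddress

# Intended static routes: destination -> (gateway, interface).
# Hypothetical layout: outside router reached via hme0, inside router via hme1.
INTENDED = {
    "0.0.0.0/0":   ("10.1.0.1", "hme0"),   # default towards the hostile side
    "10.2.0.0/16": ("10.1.1.1", "hme1"),   # friendly network via inside router
}

# Constructed sample of `netstat -rn` output after a mis-configured router
# advertised the friendly network through the hostile-side interface.
BAD_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG        0 0          0 hme0
10.1.0.0        0.0.0.0         255.255.255.0   U         0 0          0 hme0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 hme1
10.2.0.0        10.1.0.1        255.255.0.0     UG        0 0          0 hme0
"""

# Constructed sample of the same table with the intended routes intact.
GOOD_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG        0 0          0 hme0
10.1.0.0        0.0.0.0         255.255.255.0   U         0 0          0 hme0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 hme1
10.2.0.0        10.1.1.1        255.255.0.0     UG        0 0          0 hme1
"""


def parse_netstat(text):
    """Return a list of (network, gateway, iface) tuples from netstat -rn output.
    Header and blank lines are skipped; destination and genmask are combined
    into an ip_network so prefix comparisons are exact."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0][0].isdigit():
            continue
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes


def audit_routes(text, intended=INTENDED):
    """Compare each intended route with what the kernel currently holds.
    Returns a list of problem strings: a route that is missing, one whose
    gateway changed, or one that now leaves through an interface the
    anti-spoofing rules would reject (the failure in the question)."""
    kernel = {net: (gw, iface) for net, gw, iface in parse_netstat(text)}
    problems = []
    for dest, (want_gw, want_if) in intended.items():
        net = ipaddress.ip_network(dest)
        if net not in kernel:
            problems.append(f"{dest}: missing from kernel table")
            continue
        have_gw, have_if = kernel[net]
        if have_if != want_if:
            problems.append(f"{dest}: via {have_if}, expected {want_if} "
                            "(anti-spoofing would drop this)")
        elif have_gw != want_gw:
            problems.append(f"{dest}: gateway {have_gw}, expected {want_gw}")
    return problems


if __name__ == "__main__":
    for name, table in (("good", GOOD_TABLE), ("bad", BAD_TABLE)):
        print(name, audit_routes(table) or "ok")
```

Run periodically (or from a monitoring check) with the live output of netstat -rn in place of the constructed tables; any non-empty result means the routing daemon, or whatever it learned from the routers, has overridden a route the firewall's anti-spoofing policy depends on.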
