-
November 25th, 2009, 08:34 PM
#21
a high availability service from home = terms that contradict
Look into a reverse proxy where conditional rules can be applied
-
November 27th, 2009, 03:34 PM
#22
For all others, that you can't see what he's trying to do is a shame. It's a simple concept, redundant firewalls help alleviate firewalls as the single path failure in house.
I'm glad that other people understand the concept - I am still unsure of what is meant to be happening...... would a failsafe firewall only be protecting a failsafe WAN?
Or am I of the understanding that you have a single WAN configured with 2 firewalls (FW1 & FW2 for instance) and the configuration would resemble something like:
WAN -> FW1 -> Working OK, but if FW1 fails, pass traffic to FW2
This means that if the first firewall has failed/stopped responding, all traffic will be passed to the second firewall. This prevents a network failure if the first firewall stops responding? Is this correct?
My next question is then "what is passing the traffic to the first firewall, then determining if the traffic flow is OK, and if it is not, then deciding to pass traffic to the second firewall?".
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
-
December 1st, 2009, 12:33 PM
#23
Member
CTO,
Yes, that's the general idea; however you are correct, TG2's solution had a switch at the front which does create yet another SPF.
I have noticed that some of the h/w firewalls can be set to pass all traffic if a failure occurs. In this case, two firewalls in series (as you initially mentioned) would do the job. I don't know what sort of effect it would have on traffic, though, if everything was being filtered twice.
What's your favourite OS?
Seen it. Tried it. Crashed it.
-
December 4th, 2009, 02:48 PM
#24
I don't know what sort of effect it would have on traffic, though, if everything was being filtered twice.
You are always limited by the bottleneck. Check the traffic throughput of the firewall device on the manufacturer website and if it is equal to or greater than your WAN/LAN infrastructure, then you will be fine.
CTO
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein