Great Circle Associates Firewalls
(June 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: high availability
From: Bill Stout <stoutb @ pios . com>
Date: Tue, 17 Jun 1997 10:06:46 -0700
To: firewalls @ greatcircle . com

>From what I understand, UNIX/NT failover (Cluster level 1) has only three

     o IP address assumption
     o Scripts to start assumed services
     o A SCSI 'disk hiding' technology (on shared SCSI bus)

You do need to assume the failed firewalls' IP address.  I submit that
assuming the address is easier as a secondary address (scripting is a good

You do need to start services (scripting helps).

The third component is only (?) required when you want, what?  If you
replicate the rules between the firewall pair, you've done all you can.
Shared disk does not _really_ maintain state, does it?  I have this image in
my head that state is maintained between protocol stacks in memory, not disk.

Bill Stout       (Systems Engineer/Consultant)         stoutb @
 pios .
Pioneer Standard (Computer Systems & Components)
San Jose, CA     (Location of 1 of 52 U.S. offices)    (408) 954-9100
*My opinions do not reflect that of the company, and visa-versa, thankfully.*

Indexed By Date Previous: Re: Gauntlet & FW1 told me to do this!??!
From: george @ neato . org
Next: Oracle application through Raptor Eagle Firewall
From: "John Davis"<jodavis @ hq . caci . com>
Indexed By Thread Previous: Re: high availability
From: Andrew Luca <fmrco!ocean!ajl @ uunet . uu . net>
Next: Re: high availability
From: Aaron Everingham <aaron @ citadel . com . au>

Search Internet Search