Not that I've done it, but it'd be (reasonably) easy to do.

For a routing firewall (i.e. from NAT to public space, or a gateway
machine acting as a firewall), have your failover machine inside the
trusted network pinging the private (gateway) interface of the normal
firewall. On a failure, have the failover machine change its IP
address on its private interface to that of the gateway, and have it
bring up the public interface (which should be on the same network
segment as the public interface for the production firewall).

On a bridging firewall, I'd instead have the failover ping the public
interface IP (or a DMZ machine or router) instead of the private
interface. For failover, it should just bring up its public interface,
as bridging firewalls shouldn't be called as gateways, anyway.

The scripts for all of this would not be too terribly difficult to
implement, although I'm not aware offhand of any available for
download.

jeff

On Thu, Aug 17, 2000 at 12:16:27PM -0400, [EMAIL PROTECTED] wrote:
> The thread on redundant FW1 got me interested in similar solutions for
> OpenBSD...
>
> Has anyone set up a failover capability with an OpenBSD firewall? I'd be
> interested in your approach.
>
> Right now, we are putting our trust in what proves to be a reliable OS.
> But there is always hardware failure to worry about...
>
> Thanks,
>
> CB
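
A sketch of the routing-firewall watchdog described in the reply above, added here as an example; it is not a script from the thread or from OpenBSD. The interface names, addresses, threshold and dry-run switch are assumptions, and it takes over only after several consecutive missed pings so that one dropped packet does not leave two hosts answering for the gateway address.

```sh
#!/bin/sh
# Standby-firewall watchdog (added example). All values below are constructed
# samples: documentation addresses and hypothetical interface names.
GATEWAY_IP="${GATEWAY_IP:-192.0.2.1}"   # private (gateway) IP of the production firewall
NETMASK="${NETMASK:-255.255.255.0}"
PRIV_IF="${PRIV_IF:-fxp0}"              # standby's private interface
PUB_IF="${PUB_IF:-fxp1}"                # standby's public interface, configured but down
THRESHOLD="${THRESHOLD:-3}"             # consecutive missed pings before takeover
INTERVAL="${INTERVAL:-5}"               # seconds between probes
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the ifconfig commands instead of running them

# One probe of the production firewall; returns 0 if it answered.
probe() { ping -c 1 "$GATEWAY_IP" >/dev/null 2>&1; }

# Execute a command, or only print it in dry-run mode.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Assume the gateway address on the private side, then bring up the public side.
# Neighbours may keep the old MAC in their ARP caches until the entries expire.
takeover() {
    run ifconfig "$PRIV_IF" inet "$GATEWAY_IP" netmask "$NETMASK"
    run ifconfig "$PUB_IF" up
}

# Probe until THRESHOLD consecutive failures, then take over once and return.
# Any successful probe resets the counter.
monitor() {
    misses=0
    while [ "$misses" -lt "$THRESHOLD" ]; do
        if probe; then misses=0; else misses=$((misses + 1)); fi
        if [ "$misses" -lt "$THRESHOLD" ]; then sleep "$INTERVAL"; fi
    done
    takeover
}

# Start the watchdog only when invoked as: script start
if [ "${1:-}" = "start" ]; then monitor; fi
```

The standby must already carry the same filter ruleset as the production firewall before its public interface comes up. For the bridging case from the reply, point `GATEWAY_IP` at the public-side address being watched and drop the first `ifconfig` line from `takeover`.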