On Sun, Jul 22, 2012 at 8:06 AM, Harri Makela <harri_mak...@yahoo.com> wrote: > Hi All > > Application Server connecting successfully to DataBase Server01 (db01). This > DB01 now need to mirror to db02 and port 5022 will be used. > > Requirement : Application Servers which currently access DB01 should be able > to access DB02 when failover to DB02 will happen. > From FW perspective, I am not sure how I`ll add the failover on FW ? As per > my understanding, I just have to add the FW policies as per flow i.e. SRC --> > DST --> Port and rest will be done from SQL end.
This depends on how you're doing failover. Two ways that I can think of: If it's purely application-layer, and your clients will fail over to connecting to db02 somehow, just be sure and have policy that allows connections to db02's IP. - Failover and test this out. If it's a VIP, High Availability IP, or some other mechanism that moves connections to the IP from one host to the other, do nothing. Your firewall should allow new connections to form normally. However, you may still see some sessions that are established but for which there is no matching connection on the host. These may time out or attempt closure after a while. --j _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
