Depends on the firewall. Some like the WG use a heatbeat packet over the ethernet to determine if the failover should take place. Others like the PIX use a dedicated line that monitors both the master and secondary firewall to determine which takes over. In the PIX there are two failover type. The standard failover does not failover the connections. A stateful failover will failover all connection states, except VPN's.
What kind of firewall do you have? M. Dante Mercurio, CCNA, MCSE+I, CCSA Consulting Group Manager [EMAIL PROTECTED] Continental Consulting Group, LLC www.ccgsecurity.com -----Original Message----- From: Carmelo Floridia [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 12:19 PM To: SECURITY-BASICS Subject: Firewall in HA: how VRRP works? Hi guru, Assume that i have two firewalls in HA, each firewall has 4 interface(internet,intranet, DMZ and VRRP) In which way can I monitor connectivity between firewall and other 3 networks? For example, if the interface of DMZ of the master firewall goes down....or goes down the link between master firewall and DMZ....how the backup take the control? best regards Carmelo
