[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Suggestions for how to manage cold standby server.
Greetings! Joe Matusiewicz wrote: > At 04:54 PM 2/13/03, Hal Dorsman wrote: >> How does everyone manage a second cold standby >> firewall? One that you would want to keep on >> your internal network for remote access. With the >> licenses now being tied to the internal IP, you >> get conflicts if you try to put it on the same net. > My cold standby server is an exact replica of my active one including ip addresses, static routes, etc. It's always online but it is not connected to the network. It takes about 10 seconds to switch to the backup and be up and running. This is because of the time it takes to switch the wires and the time for the backup to announce its presence on the network.
As for imaging unix-based servers this could be done via direct bit-imaging (dd/nc as in http://wyae.de/docs/img_dd.php), which can get corrupt images when taken from a running system - and it takes a few hours to complete. I guess it'll be better to sync both servers via RSYNC (e.g. as in http://wyae.de/docs/img_rsync.php) which will be much faster after the first, initial (and slower) copy. For this you boot the standby machine with a removable media and different IP address. For switchover you'll need to remove the internal cable from the (old, burned down) FW and reconnect the external connections to the new server. Then reboot the new FW. Bye Volker Tanger IT-Security Consulting -- discon gmbh Wrangelstraße 100 D-10997 Berlin Telefon (030) 6104-3307 Telefax (030) 6104-3461 [email protected] http://www.discon.de/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|