firewall with High-availability - Security


  1. firewall with High-availability

    Hello,

    Does anybody use two firewalls in HA in
    a similar way to what carp+pfsync does for OpenBSD?

            .----FW backup---.
           /        |         \
    INET---         |          +---LAN
           \        |         /
            `----FW master---'

    Does anyone know of a tool to synchronize the
    conntrack state?

    Thanks


  2. Re: firewall with High-availability

    Hi,

    UCARP, a userland tool for the CARP protocol, should be what you are looking
    for.
    http://www.ucarp.org/project/ucarp

    To synchronize iptables' conntrack state, you should take a look at
    ctsync.
    https://svn.netfilter.org/netfilter/...-ha/linux-2.6/
    http://lists.netfilter.org/pipermail...lter-failover/
    Patches and kernel recompilation are needed...

    Hope this helps

