[Gllug] High Availability firewall

[Julian Somers]

Hi All,

I need a redundant firewall system that will failover in case of  
hardware failure. A colleague recommends a couple of Cisco Pix 520s,  
but in my opinion, we have better things to do with £5000.

The firewall will offer NAT to hosts on an internal network, and port  
forward external requests to servers in a DMZ.

I have been looking at Linux-HA, which seems to be able to do  
everything I need (I don't think we need stateful failover; keeping  
active tcp sessions intact on failover isn't a requirement). I would  
like to use shorewall to manage the firewall rules, as we have been  
using it for a while and are happy with it.

Has anyone had experience with this? Is there an easier way to  
achieve it than with linux-ha, for someone who has no experience  
whatever in clustering?

thanks, Julian


-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug