firewall with High-availability


Does anybody use two firewalls in HA, in
a similar way to what carp+pfsync does for OpenBSD?

        .----FW backup---.
       /         |        \
INET---          |         +---LAN
       \         |        /
        `----FW master---'

Does anyone know a tool to synchronize the
conntrack state?


Re: firewall with High-availability


UCARP, a userland tool for the CARP protocol, should be what you are looking

To synchronize iptables' conntrack state, you should take a look at
ctsync.
Patches and kernel recompilation are needed...

Hope this helps
