Firewall failover VRRP or Clustering?

3 posts / 0 new
Log in or register to post comments
Last post
Thu, 03/13/2008 - 09:36
#1
Tim_WI
Firewall failover VRRP or Clustering?

I would like to fail over my public ip addresses between firewalls if one fails. Clustering currently support VPN but if it moves the ip addresses in the group is that all that is needed. Or should I use VRRP? The problem I see with VRRP is that the messages are sent on the public interface so my VRRP info would be exposed. Any guidance would be appreciated. Thank you.

Tim

Top
Thu, 03/13/2008 - 14:11
Permalink
jfletcher
Firewall failover VRRP or Clustering?

As usual, it depends :-)

If you just to move the connection to a single virtual interface on
multiple systems,
VRRP is fine. If you need to move between duplicate systems and shift all
interfaces and VPN, you'll want to set up clustering.

Best,
Justin

On Thu, Mar 13, 2008 at 8:36 AM, Tim_WI wrote:

Quote:

I would like to fail over my public ip addresses between firewalls if one
fails. Clustering currently support VPN but if it moves the ip addresses in
the group is that all that is needed. Or should I use VRRP? The problem I
see with VRRP is that the messages are sent on the public interface so my
VRRP info would be exposed. Any guidance would be appreciated. Thank you.

Tim

-------------------- vyatta forums --------------------

Read this topic online here:
http://www.vyatta.org/node/#comment-

-------------------- vyatta forums --------------------

Top
Fri, 03/14/2008 - 14:24
Permalink
Tim_WI
Firewall failover VRRP or Clustering?

Thanks I will try clustering.

Top
Log in or register to post comments