lmkandia
asked on
Can we setup a second firewall to give the public redundant access to a web server?
We have a 10mbps connection coming into a client's site. A Sonicwall firewall sits on that connection and behind it a web server on the LAN. The client also happens to have a DSL connection into that building. So for redundancy purposes they asked if they could get that DSL connection to act as another gateway TO the web server sitting on that LAN. Would it be as simple as:
1. Setting up the second firewall with its WAN configured to a STATIC IP on the DSL.
2. Setting up the second firewall with its LAN side configured to an unused STATIC IP on the same LAN as the first firewall and web server.
3. Creating another A record in the domain's DNS zone record for the WWW traffic to reflect the DSL's static IP address?
thanks
1. Setting up the second firewall with its WAN configured to a STATIC IP on the DSL.
2. Setting up the second firewall with its LAN side configured to an unused STATIC IP on the same LAN as the first firewall and web server.
3. Creating another A record in the domain's DNS zone record for the WWW traffic to reflect the DSL's static IP address?
thanks
ASKER
We wish to use the 2 firewalls independently of each other. The first firewall is an NSA model, more than capable of doing the failover on its own. But we wish to implement the second firewall, a TZ180 I believe, as a second live firewall accessing the same web server simultaneously. Does the above design sound ok? Or is there a flaw in there somewhere?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can set up WAN failover on some models so that if one connection fails then it will automatically switch to the secondary connection. You will of course have to set up DNS as well so that in the event of a failover the secondary connection can be reached and used externally.