Can we setup a second firewall to give the public redundant access to a web server?

Posted on 2009-02-19
Last Modified: 2012-05-06
We have a 10mbps connection coming into a client's site.  A Sonicwall firewall sits on that connection and behind it a web server on the LAN.  The client also happens to have a DSL connection into that building.  So for redundancy purposes they asked if they could get that DSL connection to act as another gateway TO the web server sitting on that LAN.  Would it be as simple as:

1. Setting up the second firewall with its WAN configured to a STATIC IP on the DSL.
2. Setting up the second firewall with its LAN side configured to an unused STATIC IP on the same LAN as the first firewall and web server.
3. Creating another A record in the domain's DNS zone record for the WWW traffic to reflect the DSL's static IP address?

Question by:lmkandia
    LVL 7

    Expert Comment

    What is the model of the SonicWALL appliance?

    You can set up WAN failover on some models so that if one connection fails then it will automatically switch to the secondary connection.  You will of course have to set up DNS as well so that in the event of a failover the secondary connection can be reached and used externally.
    LVL 2

    Author Comment

    We wish to use the 2 firewalls independently of each other.  The first firewall is an NSA model, more than capable of doing the failover on its own.  But we wish to implement the second firewall, a TZ180 I believe, as a second live firewall accessing the same web server simultaneously.  Does the above design sound ok?  Or is there a flaw in there somewhere?
    LVL 7

    Accepted Solution

    So long as you make sure the DNS and routing entries properly have it all point to the web server then absolutely.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    I wrote this article to help simplify the process of combining multiple subnets. This can be used for route summarization also but there are other better ways to summarize routes, This article is a result of questions I participate in here at Ex…
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now