You may ask, “why would anyone need two firewalls?” Well, here’s the deal, all hardware can fail. We all know this is true, but what can we do to keep that from happening to mission critical electronics that run our businesses? One of the many things that can be done is to run two firewalls concurrently (HA or High Availability), so that if one fails the other can instantly take over the job. Extremely high uptimes are the name of the game, and HA is the winning strategy.

Creating a solution that works

In order for a high availability network work properly, a few critical elements need to be in place:

  • Two power sources
  • Each firewall needs a separate connection to the Internet
  • Each firewall needs a separate connection to the local network
  • The firewalls must be connected to each other

Firewalls

Our firewalls are equipped with many advanced functions, including dual Gigabit interfaces, allowing them to balance traffic, check each other’s heartbeats, and distribute jobs between the two. These connections allow transitions to not only be seamless, but nearly imperceptible, with as little as one packet lost during the hardware transition. This means web browsing should have no noticeable impact, however, a small interruption to the phone system could occur as the system transitions the packets out the failed firewall and re-establishes the sessions.

Power & Battery Backups

Separate UPSs (Uninterruptible Power Supplies) connect to, preferably, two different power circuits which will give us the highest chance of staying connected. To go even further, you can provide a generator that automatically kicks in during a sustained power outage, which would then take back over from the battery backups, giving you zero downtime on your network equipment.

Internet Service Providers

Dual Internet connections are also a critical part of this story. Each modem will be connected to the separate UPSs for power, and to an HA switch, which will allow us to connect both firewalls to each single modem connection. Then, if you have an internet outage, (but that never happens, right?) your connection will flip automatically. You probably will not even notice it happen but we will, and we’ll let you know if it does. For example, you could have one coax cable internet, and one fiber connection. Not only can we actively balance the load between the two, but HA will give you the redundancy you need if one of the firewalls should fail.

A single firewall has multiple failure points and no redundancy. So, if network or internet connectivity is important to you or your organization, a highly available firewall solution and multiple WANs from at least 2 different ISPs are the way to go. Even in the event of a firewall failure, you should never lose your ability to conduct normal business operations.

If you’re interested in learning more, about highly available firewalls, please contact the VanBelkum team today to learn more about how we can assist your business in creating greater efficiencies through technology.