Hi everybody
We need to rethink our Firewall concept and are looking for the best configuration.
Situation:
At the moment we have two ESXi Host (esxi55-a, esxi55-b), each has an own Astaro v8 Firewall (asl8-a, asl8-b) with 4x1GBit on WAN site (lag0) and 4 interfaces for different internal networks (internal, develop, productiv, sandbox).
Both ESXi Hosts share the same storage, so if we move a vm from host esxi55-a to the other host esxi55-b we have to take down it's external IP address from firewall als8-a and configure it on the other asl8-b and have all rulesets on both firewalls.
at the moment 55 virtual machines run on the hosts.
not very elegant, historically grown, shame on me.
New situation and my wishes:
4-8 ESXi Hosts with up to 100 vm's in different internal networks (develop, productive, internal, direct)
HA-act as one?
Connecting all NICS from the ESXi Servers to two switches (one for failover).
Both switches are connected to asl9-a and asl9-b which are in a somewhat HA active/active/act-as-one state. [:S]
The administration of external additional IPs for the vms, the NAT and rulesets are only configured once on asl9-a.
The traffic gets load-balanced over both, asl9-a and asl9-b.
If one of the firewalls fails, the other one takes over the traffic.
correct? i didn't find a lot more specific information in the docs.
What about the licenses, do I need active/active upgrade?
software:
Astaro Security Gateway v8, 50 IP each
hardware:
fujitsu rx300 s5 with 6GB RAM, XEON quadcore, 8 intel nics, momentary mostly not very busy (RAM 25%, CPU 8%, Disk 2%, NW Usage extern lag0 max 55Mbps (7MB/sec), average 704kbps)
thanks for anyone reading, hopefully understanding and more hopefully for any hints.
mckarto
This thread was automatically locked due to age.
