Hardware Failover
Hardware failover is a process in which at least two hardware firewall devices work together in an active/passive configuration. The active firewall is called the primary, whereas the firewall that remains in passive mode is known as the secondary or, more often, the backup firewall. The primary and backup firewalls are connected to each other through a dedicated LAN connection.
As with other failover concepts, under normal conditions the primary firewall handles all network traffic and is responsible for securing the network. If the primary firewall fails, the backup firewall comes out of passive mode and takes over the role of the primary firewall. In other words, the backup firewall becomes active.
Auto Replication
When configuring hardware failover, security administrators are only required to configure the primary firewall. Configuring the primary firewall includes creating and applying the rule-sets, defining policies, allocating bandwidth, etc. Since the primary and backup firewalls are connected through a dedicated LAN connection, the configuration is automatically replicated to the backup firewall, making it a mirrored copy (an exact replica) of the primary firewall.
If something goes wrong with the active (primary) firewall, typically firmware corruption, the secondary firewall automatically replaces the corrupt version of the firmware with the last-known good firmware configuration, bringing the primary firewall back up instantaneously.
Modification Synchronization
Modification synchronization is the process in which any modifications made on an active firewall are automatically synchronized with the backup firewall in order to provide redundant settings and decrease failover time. Some of the latest firewall appliances support two types of synchronization methods:
- Complete Synchronization – In this type of synchronization, even if only minor changes are made on the active firewall, the entire configuration is synchronized (replicated) with the idle (passive) firewall. Complete synchronization takes place when the timestamp is not synchronized between the primary and backup firewalls.
- Incremental Synchronization – In this type of synchronization, only the modifications made on the active firewall are replicated to the passive one, to save time and bandwidth. Incremental synchronization takes place when the timestamp is synchronized between the two firewalls.
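The choice between the two methods can be shown with a small model. This is an added example, not code from the original article or from any firewall vendor; the class and field names, the integer timestamps and the sample rule strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    config: dict = field(default_factory=dict)
    stamp: int = 0  # timestamp of the last change this unit has applied

class HAPair:
    """Toy active/passive pair; not any vendor's replication protocol."""
    def __init__(self):
        self.primary, self.backup = Firewall(), Firewall()
        self.link_up = True   # dedicated LAN link between the two units
        self.clock = 0        # integer stand-in for wall-clock time
        self.log = []         # (sync method, number of settings sent)

    def change(self, key, value):
        """Admin edits the primary only; replication follows if possible."""
        prev = self.primary.stamp
        self.clock += 1
        self.primary.config[key] = value
        self.primary.stamp = self.clock
        if self.link_up:
            self._sync(prev, {key: value})

    def _sync(self, prev, delta):
        if self.backup.stamp == prev:
            # Timestamps were in step: replicate only the modification.
            self.backup.config.update(delta)
            self.log.append(("incremental", len(delta)))
        else:
            # Timestamps differ, so the backup missed something: replace all.
            self.backup.config = dict(self.primary.config)
            self.log.append(("complete", len(self.primary.config)))
        self.backup.stamp = self.primary.stamp

    def in_sync(self):
        return self.backup.config == self.primary.config

def demo():
    """Constructed scenario: two edits, a link outage, then one more edit."""
    pair = HAPair()
    pair.change("rule:10", "allow tcp any -> dmz:443")   # constructed rules
    pair.change("rule:20", "deny ip any -> mgmt")
    pair.link_up = False
    pair.change("bandwidth:guest", "10Mbps")             # backup misses this
    stale_during_outage = not pair.in_sync()
    pair.link_up = True
    pair.change("rule:30", "allow udp lan -> dns:53")
    return pair, stale_during_outage
```

Calling `demo()` yields two incremental syncs followed by one complete sync of all four settings. In the model, the backup holds an outdated rule set for the whole of the link outage, which is the window a timestamp check is there to close.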
Hardware Failover Situations
The primary firewall is considered failed when it stops filtering packets, its network interface cards stop detecting network traffic, the firewall appliance loses its power supply, etc. In any of these cases, hardware failover takes place, in which the backup firewall automatically becomes active until the primary firewall comes up again.
Stateful Hardware Failover
Unlike traditional hardware failover, in which the network traffic is redirected to the interface of the backup firewall and all running sessions are reestablished, in stateful hardware failover the interface pretends to be that of the primary firewall. This is possible because of the concept of a virtual MAC address, which is used when configuring stateful hardware failover.
In traditional hardware failover, although the primary and backup firewalls share a common IP address that lets packets reach the destination, the sessions are renegotiated and reestablished because the MAC addresses differ. With a virtual MAC address, on the other hand, both the primary and backup firewalls use the same physical address during communication. This makes the sessions assume that no errors have occurred at the hardware level and that the network is running flawlessly.
Since stateful hardware failover remains transparent to network objects, no reestablishment of the running sessions takes place. This provides a continuous network connection with almost 0% downtime.