What actually are... High Availability Clusters?
The firewall has failed, and suddenly the network is not only unsecured internally but also no longer accessible from the outside. A true horror scenario: not only is productivity in the company impaired, but so is your customers' trust in your company. A second example: a factory whose assembly line should never stand still can no longer be controlled after the firewall has failed. Production downtime and delays are the result. Both cases have one thing in common: no second firewall was used as a fail-over cluster. You can find out more about the advantages, possible uses and costs of a cluster here.
What is a firewall cluster?
A cluster is a combination of IT devices that provides data redundancy and prevents or reduces the loss of important data and equipment failure. A firewall cluster is also intended to ensure that standard security and/or load balancing is maintained on the network. Note that each manufacturer uses a different type of cluster, so you will incur different costs.
What are the types of clusters?
The type of cluster depends on two important factors: how many firewalls are to be integrated into the cluster, and the purpose of the cluster. For example, an active-active cluster is suitable for load balancing, while an active-passive cluster would be sufficient as a simple fail-over firewall.
The active-active cluster can also be used as a fail-over firewall. Normally, only one of the two firewalls is directly connected to the internet; this firewall is called the "master". If it should fail, the "slave" takes over within a few milliseconds. The network is never completely unprotected, but this security costs a little more because both firewalls require identical licences.
In the active-passive cluster, the passive firewall also reacts in the event of a defect. Since the data of the two firewalls is constantly synchronised, the passive firewall can switch to the active state within a very short time and the network remains protected. The active-passive cluster has the advantage that only one of the two firewalls needs to be "fully" licensed; the other firewall usually only needs a support licence.
Which high availability model is used depends on the respective manufacturer. An overview can be found in the following table:
Manufacturer | Cluster Type | Costs | Special feature
---|---|---|---
Fortinet | Active-Active | Each firewall "fully" licensed | Simple cluster setting, thanks to Fortinet Cookbook
Sophos | Active-Active, Active-Passive | Depending on the planned cluster, 1 to 10 firewalls "fully" licensed; all passive firewalls only support licence | Up to 10 firewalls possible in one cluster
Stormshield | Active-Passive | 1 firewall "fully" licensed, HA firewall support licence | Extra HA firewall, fast transfer of licences and activation of HA
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer gained experience in numerous projects. His service in command support did much to awaken his interest in IT security. Even after his service, he remains an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large