RE: Redundancy with ISA

Nice idea. They currently have two DSL lines from two different ISPs. The
first was only able to provide an ADSL setup with a max upstream of 256K.
Company does a lot of video conferencing and was having some problems with
quality. So they went with another ISP that offered SDSL and got a 1.1MB
line and are happy with it. There have been sporadic small outages but the
last was a long one that affected the business Thus the need to readdress
the redundancy issue.

They currently do not have budget for another server and ISA Server, thus
the elegant solution. All clients run the firewall client.

When I made the original switch, it was over the weekend after everyone
left. Business use was not interrupted. Doing this during the day poses some
issues, as a consultant I'm not always there. So I would have to get there
to make any kind of a switch.

I'm with you and that there doesn't appear to be a real easy and cheap
solution.

Art DeKneef
Avanti Computers
----- Original Message -----
From: "John Burridge" <JBurridge@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 30, 2001 10:04 AM
Subject: [isalist] RE: Redundancy with ISA


> http://www.ISAserver.org
>
>
> This is a bit dodge, but I have decided to give up on hoping you can get
the
> lines to failover nicely, and my company sure doesnt want to fork out on
> anything new, so this is the plan I have come up with. I am yet to put it
> into practice
>
> Basically, run two firewalls in an array, and install the firewall client
on
> all client machines, so that if one fails, you can stop the services and
> everyone will failover.
> To avoid having to intervene manually, install a program on each firewall
> that lets you set up a monitor on each to ping an address ( I would
suggest
> two different addresses, in case one goes down). At the moment I have
> Webtrends firewall suite, which can do this, though I am hoping to find
> something a bit lighter.
> If the monitor returns a failure, have it run a script which shuts down
the
> service on the relevant ISA server ( I am no programmer, so I would just
use
> rcmd.exe from the resource kit). Then have the monitor wait until it can
> successfully ping, before it runs a script to restart.
>
> I know this is not very elegant, but I would welcome anyones opinion on
> this.
>
> Regards,
> John Burridge
> Network Admin.
> mloop
>
>
> -----Original Message-----
> From: Art DeKneef [mailto:artdekneef@xxxxxxx]
> Sent: 30 October 2001 16:53
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Redundancy with ISA
>
>
> http://www.ISAserver.org
>
>
> This topic has somewhat been discussed in the list and was wondering what
> others were doing about it.
>
> Meaning, if we have two external lines, ISA can not automaticallly sense
the
> failure in one line and switch over to the other line. This has been
> discussed several times with the answer being you can't without extra
> equipment and cost. Something small businesses may not be willing to spend
> until the pain gets real bad.
>
> So the question is, how are others providing redundancy and do you switch
> lines or just wait out the down time?
>
> Besides switching the external lines on the ISA box and reconfiguring the
> external NIC and rebooting, has anyone come up with a more elegant, read
> that as quick and cheap, solution?
>
> Reason for the inquiry, a customer does a lot of transactions online and
the
> line went down for over 6 hours the other day causing them alot of anxious
> moments.
>
> Thanks
> Art DeKneef
> Avanti Computers
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jburridge@xxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
artdekneef@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>

Other related posts: