My company encountered a firewall fault recently, which caused the company to go down for several hours. Fortunately, we have a backup device that can be replaced. However, what suggestions or best practices do you have to properly manage unpredictable firewall failures?
Brad Casey: For firewall faults, I suggest two words: redundancy and monitoring.
Redundancy: This not only involves replacing the backup device when a firewall fails, but also ensures that the device can be automatically transferred.
For example, in a Cisco PIX environment, you should configure two PIX devices, one as an active device and the other as a backup device. In most cases, the only additional infrastructure required is the Failover Cable, which is a serial cable that connects two PIX devices after a fault occurs. In this configuration, the communication between two PIX devices is performed by sending an ACK message every three seconds. If the ACK message is not confirmed, the device retransmits the message. If the ACK message is not received after five retransmissions, the active device is considered faulty and the standby device is started.
Monitoring: Enterprises should build some monitoring devices in the firewall infrastructure to ensure that the firewall works properly. This process can be completely passive. You only need to configure some alert mechanisms in the monitoring device. Once exceptions are detected, you can issue alerts in a timely manner.
For example, if your organization has a tight budget and cannot afford a new monitoring device, you can configure a monitoring port on or after your firewall and then have Wireshark capture all traffic flowing through the firewall. Although this is not a firewall fault management mechanism, it helps you determine whether some specific aspects of your firewall are faulty.
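The passive check described above can be scripted over an export of the monitoring-port capture. The following is an added example, not part of the original answer: it flags inbound connections the policy should have dropped and long gaps with no new connections. The allowed-service list, inside network, silence threshold and sample records are all assumptions made for illustration.

```python
import ipaddress

# Added example. Input is assumed to be tab-separated tshark output from the
# monitoring port behind the firewall, limited to connection-opening packets:
#   tshark -r inside.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
SAMPLE = (  # constructed records using documentation address ranges
    "1700000000.0\t198.51.100.7\t10.0.0.20\t443\n"
    "1700000002.5\t10.0.0.25\t192.0.2.50\t80\n"      # outbound, not policy-checked
    "1700000003.0\t198.51.100.8\t10.0.0.20\t\n"      # malformed: empty port
    "1700000004.0\t203.0.113.5\t10.0.0.30\t3389\n"   # should have been dropped
    "1700000005.0\t198.51.100.7\t10.0.0.20\t443\n"
    "1700000130.0\t198.51.100.9\t10.0.0.20\t443\n"   # follows a 125 s gap
)

INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed protected network
ALLOWED_INBOUND = {("10.0.0.20", 443)}            # assumed policy: one HTTPS host
MAX_SILENCE_S = 60.0                              # assumed alert threshold


def parse(text):
    """Return sorted (ts, src, dst, dport) tuples, skipping unusable lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        try:
            ipaddress.ip_address(parts[1])
            ipaddress.ip_address(parts[2])
            rows.append((float(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue  # non-TCP or truncated record
    return sorted(rows)


def check(rows):
    """Alert on traffic the firewall should have blocked and on silence."""
    alerts, prev = [], None
    for ts, src, dst, dport in rows:
        if prev is not None and ts - prev > MAX_SILENCE_S:
            alerts.append(("silence", prev, ts - prev))
        inbound = (ipaddress.ip_address(dst) in INSIDE_NET
                   and ipaddress.ip_address(src) not in INSIDE_NET)
        if inbound and (dst, dport) not in ALLOWED_INBOUND:
            alerts.append(("policy_leak", ts, f"{src}->{dst}:{dport}"))
        prev = ts
    return alerts


if __name__ == "__main__":
    for alert in check(parse(SAMPLE)):
        print(alert)
```

A `policy_leak` alert suggests the rule set is no longer being enforced, while a `silence` alert on a normally busy link suggests the firewall has stopped forwarding.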