Thursday, September 2, 2021

Redundant routes for a client on two isolated networks

Need some assistance with coming up with a solution for the following:

A server that has two network interfaces connected to two separate isolated networks. These networks are just an 8-switch ring, but have no connectivity between each other.

Currently one firewall is in place connected to one of these networks.

The issue is that if one of these networks fails in any way, there is no longer any external connectivity through the firewall.

So, I considered a pair of firewalls which are connected to both of these isolated networks.

The issue I'm seeing is how the client is going to handle this. As having two default gateways is bad practice and (I believe?) unworkable, I'm not sure how the client can handle this.

Just a couple of caveats:

I cannot change the infrastructure of the two isolated networks, nor add/remove interfaces from the server; that MUST remain as it is.

Below is an image of what I'm trying to achieve:

https://imgur.com/a/sWZV1Ba

**EDIT** - I forgot to mention a rather important point. The server does NOT require outbound access directly. However, external servers have limited connectivity (RDP and a couple of other ports) to this server through a NATed rule on the current firewall. I guess then I would need some kind of 'conditional' NAT rule on the new firewalls to ascertain if network A or B is up? Is such a thing possible?

Thanks in advance.
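The question above is unanswered on this page. As an added example (editor's code, not from the original poster or any reply), the script below shows the usual way a Linux host with two interfaces avoids the "two default gateways" problem: source-based policy routing. Each interface gets its own routing table with its own default route, and an `ip rule` sends traffic sourced from that interface's address to that table, so replies to an inbound NATed session (such as RDP) leave through the same firewall the session arrived on. The main table needs no default route at all, which suits a server that requires no outbound access of its own. Interface names, addresses and table numbers are assumptions for illustration; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original post): source-based policy routing on a
# Linux server with two interfaces, so replies leave via the interface (and
# firewall) the request arrived on. No default route is needed in the main
# table, so there is never a competing pair of default gateways.
# All interface names, addresses and table IDs below are assumptions.
set -eu

# Dry run by default; APPLY=1 executes the ip(8) commands (requires root).
APPLY="${APPLY:-0}"

run() {
    if [ "$APPLY" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# policy_route IFACE LOCAL_IP GATEWAY_IP TABLE_ID
# Installs a per-interface routing table holding only that interface's default
# route, plus a rule that sends packets *sourced from* LOCAL_IP to that table.
# Returns (prints) the commands in dry-run mode.
policy_route() {
    iface=$1; local_ip=$2; gw=$3; table=$4
    run ip route replace default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$local_ip" lookup "$table" priority "$table"
}

# Hypothetical topology: eth0 on network A behind firewall 10.1.0.1,
# eth1 on network B behind firewall 10.2.0.1.
policy_route eth0 10.1.0.10 10.1.0.1 101
policy_route eth1 10.2.0.10 10.2.0.1 102
```

To check the result after applying, `ip rule show` should list the two `from <ip> lookup <table>` rules and `ip route show table 101` / `table 102` should each contain exactly one default route. With this in place, both firewalls can carry the same inbound NAT rule for the server; whichever network is up delivers the connection and the reply follows the matching rule back out, so no "conditional" NAT is required on the firewall side. Whether that fits the poster's actual topology (and the operating system of the server) is not something the page establishes.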
