We are executing a project to set up a DR site with storage replication. We are planning to perform application failover between DC and DR. In phase I we have installed 2 web servers (residing in the DMZ zone and NATed to a global IP in DC) for DR. We are also trying to fail over an internal application. It's in VMware. After discussion we saw a possibility to configure failover using pfSense, but how to do it? Our current DC setup has Switch-->Router(2900)-->Checkpoint UTM (DMZ configured here)-->Core Switch (VLANs here)-->Server Switch-->Internal Servers. The DR site shall have a P2P link with DC and have Router(2900)-->ASA-->L2 switch-->servers.
Our routing is done in the router, all VLANs are in the core switch, and NATing is done in the UTM. The diagram is attached. I need help in figuring out how to configure this. We need to set it up such that if the web services and internal app fail in DC, then DR picks up.
As far as I know, pfSense does WAN failover, so that would be an option. For VMware you need to set up a High Availability (HA) cluster. Is the DR site supposed to be on your internal network (connected to the same Checkpoint UTM) or connected via the Internet at a completely different location?
The DR is in a separate network and a separate location. It is planned to be connected via P2P. I am not so clear on how to set up the network for this scenario. I have consulted with some local experts but they are also confused. For the web servers we could do failover using pfSense, I guess, but for the application... maybe VM clustering should be used. However, the concern is setting up the network using pfSense.
Regarding where to connect the DR connectivity in DC, I thought of having it connected at the router, but with my scenario I need to figure out the best fit so that I can have pfSense perform WAN failover and HTTP failover. I also need to figure out the VM thing. Things are quite a mess.
So it is basically connecting the 2900 router at the DR site with the router at the DC site, and both routers need dual links for failover? If that is your scenario, it would be quite simple to set up. Do you already know how your sites are going to be connected to the ISPs, e.g. via BGP or static routes?
Actually, the requirement of our DR is to have storage replication and application failover.
Just connecting the routers might not achieve the solution for us. So we need something for application failover, which we found in pfSense. But where to install pfSense in the attached diagram is a question.
I am no expert when it comes to pfSense, but I am not sure if that is the way to go in your situation... As I understand it, the machine itself on which pfSense is installed becomes the firewall and/or router, and requires multiple NICs. That would mean that this machine becomes the edge device for your sites...
Yes sir, exactly. That's the thing. So we currently have our Checkpoint serving as firewall, and pfSense should be configured such that the regular traffic isn't hampered but it still detects the HTTP failure.
And to place it on an existing network...
Sir, suppose we have to establish a DR site with application failover between DC and DR (say, for instance, a web server), how would you go about it, considering you had no Active Data Guard or RAC?