IBM


15.7 Firewall

Usually, a WebSphere production system includes at least one firewall. Two firewalls are commonly used to create a demilitarized zone (DMZ) to enhance WebSphere system security. If the firewall fails, customers cannot access any services and the site can be exposed to security risks (hacker attacks). Therefore, firewall availability is an important part of the WebSphere system's availability.

We can configure a highly available firewall environment by using two separate firewalls on two hosts. Some firewall products provide built-in HA features, such as state synchronization of the firewall modules, which allows active connections to continue after failover. However, you also need a mechanism to synchronize the security policy (filter rules and users) between the firewalls, or you will have a single point of failure.

In this section, we discuss two advanced solutions:

- Building an HA firewall with clustering software such as HACMP, TSA, and so forth.

- Building an HA firewall with a network sprayer such as WebSphere Edge Components' Load Balancer.


Redbooks ibm.com/redbooks
