With today's escalating dependence on the Internet for communication and business transactions, information security is essential. Businesses and governments around the world must protect critical information assets around the clock. They can't afford a lapse. They can't afford downtime.

When one major US-based international telecommunications company estimated that each minute of downtime cost $185,000, the company turned to CyberGuard for a high availability security solution.

In fact, more and more companies around the world are implementing high availability to provide the redundancy and reliability they need to assure that they have continuous network protection. In the event that an active firewall/VPN appliance fails, a standby is ready in an instant to take over automatically, which means a network can be up 24/7.

Consider these advantages:

• Intelligent monitoring of the active appliance by the standby
• Automatic configuration synchronization between units
• State-synchronized, transparent failover of firewall
• Active and inactive roles exchange automatically at failover
• Dual heartbeat interfaces
• VPN failover recovery through automatic SA deletions
• Visual active/standby role indicators

Intelligent Monitoring

CyberGuard's high availability solution takes advantage of peer-to-peer architecture to monitor the active firewall/VPN appliance and automatically initiate a failover when necessary. There is no need for manual intervention on the standby unit for a failover to occur.

CyberGuard high availability uses an intelligent decision-making process to detect and recover from gateway failures. If the software detects a failure, it triggers the standby to take over automatically and assume the address of the active device. On average, failover takes place in less than 9 seconds.

Heartbeat interfaces provide dedicated communication between the two appliances. When a failover occurs, the IP addresses stay the same so the IP address does not change to the outside world. State synchronization assures that active sessions persist across the failover.

Replication of Data

High availability replicates important configuration information from the active to the standby firewall/VPN appliance. Information is synchronized between the two appliances to maintain identical security rules and attributes.

Auditing

High availability creates audit data for the security audit trail file so you can keep a record of active and standby units. If one of the machines fails over, it generates an alert.

In addition, there is automatic time synchronization between the active and standby machines, so there is a consistent reference between the independent audit trails.

Alert Options

There are a number of alerting options to choose from. When an alert event occurs, the active machine will trigger a notification mechanism that can include email or SNMP traps so support personnel can check on the system.

Manageability

CyberGuard's intuitive graphical interface lets users manage the high availability option as easily as they do the many other features on the firewall/VPN appliance. The system can be set up with a maintenance interface on both the active and standby units, and the windows have visual role indicators that provide a quick, visual display of the system and its state.

Available

High availability is offered with CyberGuard's 1000, 3000 and 5000 series premium firewall/VPN appliances.