Hi Philipp,
Hi Peter,
When you say "failsafe", did you intend to be redundant through that setup with multiple servers behind that router?
Yes.
Then I would add to the setup that Stefan recommended (which is the same I would prefer over yours ...;-) ) as follows:
              (|ISP-Router|)
                    |
     ---------(|1st SWITCH|)------------ ...
          |                     |
   (|1st Firewall|)      (|2nd Firewall|)
          |                     |
     ---------(|2nd SWITCH|)------------ ...
        |           |           |
   (|Server 1|)(|Server 2|)(|Server 3|) ...
What you have here is a redundant setup of your firewall: if one goes down, the other takes over the whole traffic. You don't need a complicated setup for this; in the simplest way you could do this by adding alternative routes and duplicating the DNS entries of your firewall (internal and external). The rest is done by the DNS, and its "round robin" should give you a simple kind of load balancing if both systems are up.
That's another nice solution. But I still wonder if "my way" (firewall on every server) is more feasible in the case of running only 3 servers. I see, I forgot to say that I will only have 3 servers for now. I think if the number goes up to 5 then I will implement the one or the other solution (now that I have enough ideas). And until then I have enough time for playing around with all that.
I do this at two sites with very good success and I am able to do maintenance on those systems, while everybody keeps on working, without them even noticing my reboots ;-)
I always try to pretend there was no reboot :) "The server wasn't up? Must be something with your network connection" :)

Thanks a lot! This list is really helpful (both reading and asking (partly dumb :) questions).

Peter
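
Added example, not part of the original thread: a small simulation of the duplicated firewall DNS entries with "round robin" described above, showing how traffic splits when both firewalls are up and what clients see while one is rebooting. The addresses (documentation range 192.0.2.0/24), the function names and the two client behaviours are assumptions made for illustration.

```python
# Constructed sample data: two A records published for one firewall name.
FIREWALL_RECORDS = ["192.0.2.1", "192.0.2.2"]


def round_robin_answers(records, queries):
    """Yield the record list rotated by one position per query,
    the way a round-robin DNS server orders its answers."""
    for i in range(queries):
        shift = i % len(records)
        yield records[shift:] + records[:shift]


def connect(answer, alive, try_all):
    """Return the address the client reaches, or None if it gives up.

    try_all=False models a client that only uses the first address returned;
    try_all=True models a client that walks the list until one answers.
    """
    candidates = answer if try_all else answer[:1]
    for address in candidates:
        if address in alive:
            return address
    return None


def simulate(records, alive, queries, try_all):
    """Count connections per reachable firewall, plus failures, over N lookups."""
    result = {"failed": 0}
    for answer in round_robin_answers(records, queries):
        reached = connect(answer, alive, try_all)
        key = reached if reached is not None else "failed"
        result[key] = result.get(key, 0) + 1
    return result


if __name__ == "__main__":
    both_up = set(FIREWALL_RECORDS)
    one_down = {"192.0.2.2"}  # first firewall is rebooting
    for label, alive, try_all in [
        ("both up, first address only ", both_up, False),
        ("one down, first address only", one_down, False),
        ("one down, client tries all  ", one_down, True),
    ]:
        print(label, simulate(FIREWALL_RECORDS, alive, 100, try_all))
```

In this model the reboot goes unnoticed only for clients that fall through to the second address (or once the alternative route takes over); a client that uses only the first record fails on every other lookup until the firewall is back.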