sheldonlendrum
just joined
Topic Author
Posts: 2
Joined: Sun Apr 15, 2018 8:44 am

Duel Firewall rule or HA failover

Sun Apr 15, 2018 1:22 pm

Hi all,
We use the MT as our firewall, and a NAT rule that sends all 80/443 traffic on an external IP to an NGINX load balancer on our internal network.
This works well.

BUT - what I want to look at is adding a failover rule, maybe with a script? If the internal load balancer, let's say x.x.1.2, goes down, then the firewall rule will automatically reroute traffic to x.x.1.3.
I could set up a monitor machine that pings the LB and updates the rule on the MT, or the MT just always LBs that traffic to both LBs?

How would you do this?
 
IPANetEngineer
Trainer
Posts: 899
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA

Re: Duel Firewall rule or HA failover

Mon Apr 16, 2018 5:19 pm

There is a project on GitHub that worked on this concept (link below) and there are a number of examples of config sync scripts out there.

https://github.com/svlsResearch/ha-mikrotik
Expert consulting in | BGP | MPLS | OSPF | Se Habla Español 1-855-645-7684
http://www.iparchitechs.com #1 ranked MikroTik consulting firm in North America
 
2frogs
Member
Posts: 300
Joined: Fri Dec 03, 2010 1:38 am

Re: Duel Firewall rule or HA failover

Mon Apr 16, 2018 6:29 pm

Netwatch to enable/disable nat rules
 
juliokato
Member Candidate
Posts: 178
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Duel Firewall rule or HA failover

Mon Apr 16, 2018 6:54 pm

Netwatch to enable/disable nat rules
Netwatch only monitors ICMP.
It does not monitor TCP ports 80 or 443, nor the HTTP or HTTPS services (like F5 or A10 balancers).
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
sheldonlendrum
just joined
Topic Author
Posts: 2
Joined: Sun Apr 15, 2018 8:44 am

Re: Duel Firewall rule or HA failover

Tue Apr 17, 2018 7:51 am

Thanks guys, I'll look at the GitHub project, and am looking at the API and putting a service in the middle that monitors both and alters the rules accordingly.
 
juliokato
Member Candidate
Posts: 178
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Duel Firewall rule or HA failover

Fri Apr 20, 2018 5:17 pm

Maybe a script using /tool fetch would be able to perform application monitoring of HTTP / HTTPS.

I never did it; it's something to develop.
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
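
Added example, not part of any post in this thread: a sketch of the "service in the middle" idea, probing the balancers over HTTP rather than ICMP and only retargeting the NAT rule after several consecutive failures. The addresses, the "web-lb" rule comment and all function and class names are assumptions made for illustration.

```python
import http.client
import time
import urllib.error
import urllib.request

PRIMARY, BACKUP = "10.0.1.2", "10.0.1.3"   # constructed stand-ins for x.x.1.2 / x.x.1.3

def http_probe(ip, timeout=2.0):
    """True only if the balancer answers HTTP on port 80 with a status below 500."""
    try:
        with urllib.request.urlopen(f"http://{ip}/", timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as exc:
        return exc.code < 500          # a 4xx still proves NGINX is answering
    except (OSError, http.client.HTTPException):
        return False                   # refused, timed out, unreachable, garbage reply

def nat_command(target, comment="web-lb"):
    """RouterOS command retargeting the dst-nat rule; the comment tag is assumed."""
    return f'/ip firewall nat set [find comment="{comment}"] to-addresses={target}'

class FailoverMonitor:
    def __init__(self, primary, backup, probe=http_probe, fall=3, rise=2):
        self.primary, self.backup, self.probe = primary, backup, probe
        self.fall, self.rise = fall, rise   # probes needed to fail over / fail back
        self.active, self.fails, self.oks = primary, 0, 0

    def tick(self):
        """One probe cycle. Returns the new target when the rule must change, else None."""
        if self.active == self.primary:
            self.fails = 0 if self.probe(self.primary) else self.fails + 1
            # Only move if the backup itself passes the HTTP check.
            if self.fails >= self.fall and self.probe(self.backup):
                self.active, self.fails, self.oks = self.backup, 0, 0
                return self.active
            return None
        # On the backup: count consecutive good probes of the primary before failing back.
        self.oks = self.oks + 1 if self.probe(self.primary) else 0
        if self.oks >= self.rise:
            self.active, self.oks = self.primary, 0
            return self.active
        return None

if __name__ == "__main__":
    monitor = FailoverMonitor(PRIMARY, BACKUP)
    while True:
        changed = monitor.tick()
        if changed:
            print(nat_command(changed))   # hand this to the router via API or SSH
        time.sleep(5)
```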
