I am trying to design a multi-site network with resilience for the server farm and DMZ, for both inbound and outbound traffic.
These are the resilience requirements that I want to meet in the first place:
1. For servers located in the server farm, outbound traffic can fail over automatically between the two internal firewalls A and B (e.g. if Firewall A is down, the server will automatically route via Firewall B).
2. User Network A can access the server farm via Internal Firewall A, and User Network B via Internal Firewall B.
3. Inbound connections are available via either WAN A (65.1.1.1/27) or WAN B (128.1.1.1/27), and the same routing path should be preserved (I know it may be possible to use BGP to achieve multi-homed routing and preserve the same set of WAN IPs).
May I know how I can achieve the resilience criteria mentioned above? I have tried to set two default gateways for the servers inside the server farm, but for Windows Server it seems that it does not preserve the same routing path at all, and I didn't know how to preserve the same routing path to prevent asymmetric routes. Or do I need to implement another dynamic routing protocol between the internal firewalls and the servers?
Here is the network diagram: Multi-site Network Design for resilience
Configuring the servers to connect to multiple firewalls is unusual.
A more typical configuration would be to put a load balancer between the firewalls and the servers, or configure the firewalls for high availability.
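The following toy model is an added illustration, not part of the answer above. It shows why replies sent through the "other" default gateway are dropped by a stateful firewall, and why a single gateway backed by an HA pair avoids this. The `Firewall` class, the state-sync behaviour, the virtual-IP takeover and the sample flow are all assumptions made for the sketch.

```python
# Toy model (constructed): a stateful firewall passes a reply only for a
# flow it has seen being opened, or whose state an HA peer synced to it.
class Firewall:
    def __init__(self, name):
        self.name = name
        self.up = True
        self.states = set()   # flows this unit holds state for
        self.peer = None      # HA peer that receives state sync, if any

    def open_flow(self, flow):
        self.states.add(flow)
        if self.peer is not None:
            self.peer.states.add(flow)   # HA state synchronisation

    def pass_reply(self, flow):
        return self.up and flow in self.states


def dual_gateway_reply(flow, entry_fw, server_pick):
    """Server with two default gateways: server_pick is whichever firewall
    its routing table chose, independent of where the flow entered."""
    entry_fw.open_flow(flow)
    return server_pick.pass_reply(flow)


def ha_pair_reply(flow, fw_a, fw_b, fail_active=False):
    """Server with one default gateway: a virtual IP owned by the active
    unit of an HA pair that syncs state (assumed design)."""
    fw_a.peer, fw_b.peer = fw_b, fw_a
    active = fw_a
    active.open_flow(flow)
    if fail_active:
        fw_a.up = False
        active = fw_b         # standby takes over the virtual IP
    return active.pass_reply(flow)


def demo():
    flow = ("198.51.100.7", 40000, "10.0.0.10", 443)  # constructed sample flow
    a, b = Firewall("A"), Firewall("B")
    symmetric = dual_gateway_reply(flow, entry_fw=a, server_pick=a)
    a, b = Firewall("A"), Firewall("B")
    asymmetric = dual_gateway_reply(flow, entry_fw=a, server_pick=b)
    ha_normal = ha_pair_reply(flow, Firewall("A"), Firewall("B"))
    ha_failover = ha_pair_reply(flow, Firewall("A"), Firewall("B"), fail_active=True)
    return symmetric, asymmetric, ha_normal, ha_failover


if __name__ == "__main__":
    print(demo())
```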