[Linux-HA] redundant firewalls with heartbeat

Bjoern Metzdorf bm at turtle-entertainment.de
Mon Aug 7 12:51:55 MDT 2006


Hello everybody,

I want to set up redundant firewalls on two ISP uplinks on the external 
and multiple VLAN interfaces on the internal side.

Setup is as follows:

             2
        1/FW1-------ISP1
        / 4| \3    /
       /   |  \   /
      /    |   \ /
   LAN     |    /
      \    |   / \
       \   |  /   \
        \ 4| /3    \
        1\FW2-------ISP2
             2

1) eth0
2) eth1
3) eth2
4) eth3


a) If ISP1 goes down, FW1 should switch to ISP2.
b) If ISP1 is up again, FW1 should switch back to ISP1.
c) If ISP2 and ISP1 are down we are lost or we try to switch to FW2.
d) If FW1 is down, FW2 goes on with connection to ISP1 (or ISP2).

The main problem: Heartbeat only allows me to failover complete services 
and machines.

Is there a way to make heartbeat on FW1 recognize the ping to ISP1 and 
switch to ISP2 instead of switching to FW2?

Thanks in advance

Regards,
Bjoern



