I thought that you may like a very simple (but powerful) script to check if your firewall failed over to the standby node.
The script is made up of 3 files:
- active_fw_ip.txt
- standby_fw_ip.txt
- Checked_FailOver_FW.cmd
The first 2 files contain exactly what their names say: each one holds the IP of the active or the standby firewall. To find out which IP to save in each file, just run a tracert command and see which IP the firewall is using (if in doubt, ask your network guy).
Next, save the following content to Checked_FailOver_FW.cmd file:
************************************************************
rem *** get last check details (read the stored IPs from the two files) ***
set /p active_fw_ip=<active_fw_ip.txt
set /p standby_fw_ip=<standby_fw_ip.txt
set checked_ip=172.19.1.201
rem *** execute check: does the trace still pass through the active firewall? ***
rem *** /L /C: makes findstr match the address literally (a bare dot is a regex wildcard) ***
tracert -d -h 2 %checked_ip% | findstr /L /C:"%active_fw_ip%"
if %errorlevel% == 0 goto All_OK
goto ip_changed
:All_OK
echo Nothing Changed...
goto end
:ip_changed
rem *** check if failover happened or something else ***
tracert -d -h 2 %checked_ip% | findstr /L /C:"%standby_fw_ip%"
if %errorlevel% == 0 goto FailedOver
goto Error_in_check
:FailedOver
rem *** update files (redirection first, so no trailing space is written into the file) ***
>active_fw_ip.txt echo %standby_fw_ip%
>standby_fw_ip.txt echo %active_fw_ip%
echo FW Failed Over !!!
rem *** Here you put
rem *** any alerts
rem *** you may want
rem *** for a fail-over
goto end
:Error_in_check
rem *** Probably the check did not go OK ***
echo Check did not execute OK, check...
rem *** Here you put
rem *** any alerts
rem *** you may want
rem *** for a failed check
:end
************************************************************
Just fill in the action you want taken when the firewall fails over or when the check does not complete.
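Below is an added Python version of the same check (my example, not the original batch script). It keeps the two state files and the three outcomes of the script above, but it parses the first hop out of the `tracert -d` output and compares it to the stored addresses as whole strings, so an active address like 172.19.1.1 cannot be mistaken for 172.19.1.10 the way a plain findstr match can. The tracert output embedded in it is constructed sample text, and the probe target 172.19.1.201 is taken from the script above; the file names and the `trace` parameter are my own choices.

```python
"""Firewall fail-over check: a Python rendering of the batch script above (added example)."""
import re
import subprocess
import sys
from pathlib import Path
from typing import Callable, Optional, Tuple

CHECKED_IP = "172.19.1.201"  # same probe target as the batch script

# One 'tracert -d' hop line: hop number, three RTT columns, then the address.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Constructed sample output (not captured from a real host) for offline use.
SAMPLE_TRACERT_OK = """
Tracing route to 172.19.1.201 over a maximum of 2 hops

  1    <1 ms    <1 ms    <1 ms  172.19.1.1
  2    11 ms    10 ms    10 ms  172.19.1.201

Trace complete.
"""

SAMPLE_TRACERT_TIMEOUT = """
Tracing route to 172.19.1.201 over a maximum of 2 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.

Trace complete.
"""


def first_hop(tracert_output: str) -> Optional[str]:
    """Return the IP of hop 1, or None if hop 1 is missing or timed out."""
    for line in tracert_output.splitlines():
        m = HOP_RE.match(line)
        if m and m.group(1) == "1":
            return m.group(2)
    return None


def decide(hop_ip: Optional[str], active_ip: str, standby_ip: str) -> Tuple[str, str, str]:
    """Map the observed first hop to (label, new_active, new_standby).

    Exact string comparison: a prefix such as 172.19.1.1 vs 172.19.1.10 is
    reported as Error_in_check rather than as a match.
    """
    if hop_ip == active_ip:
        return ("All_OK", active_ip, standby_ip)
    if hop_ip == standby_ip:
        return ("FailedOver", standby_ip, active_ip)  # roles swap
    return ("Error_in_check", active_ip, standby_ip)


def run_tracert(target: str) -> str:
    """Run the same probe as the batch script and return its stdout."""
    proc = subprocess.run(["tracert", "-d", "-h", "2", target],
                          capture_output=True, text=True, check=False)
    return proc.stdout


def check_failover(trace: Callable[[str], str] = run_tracert,
                   state_dir: Path = Path(".")) -> str:
    """Read the state files, run the check, update the files on fail-over."""
    active_f = state_dir / "active_fw_ip.txt"
    standby_f = state_dir / "standby_fw_ip.txt"
    active_ip = active_f.read_text().strip()
    standby_ip = standby_f.read_text().strip()

    label, new_active, new_standby = decide(first_hop(trace(CHECKED_IP)), active_ip, standby_ip)
    if label == "All_OK":
        print("Nothing Changed...")
    elif label == "FailedOver":
        active_f.write_text(new_active + "\n")
        standby_f.write_text(new_standby + "\n")
        print("FW Failed Over !!!")  # put your fail-over alert here
    else:
        print("Check did not execute OK, check...")  # put your failed-check alert here
    return label


if __name__ == "__main__":
    # Exit code: 0 = nothing changed, 1 = failed over, 2 = check did not complete.
    sys.exit({"All_OK": 0, "FailedOver": 1}.get(check_failover(), 2))
```

Run it from the directory that holds the two state files, exactly as you would the .cmd file; `trace` is injectable so the decision logic can be exercised against saved tracert output without touching the network.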
Enjoy.
[From several checks that I did, it seems that the script will work only if the firewall that you check is your default gateway... sorry...]