Firewall Wizards mailing list archives

Re: Concentrator inside of paired failover firewalls.
From: Carson Gaspar <carson () taltos org>
Date: Sun, 17 Sep 2006 16:35:56 -0700

--On Friday, September 15, 2006 9:02 AM -0600 Aaron Smith <smitha () byui edu> 
On Thu, 2006-09-14 at 14:55 -0400, Carson Gaspar wrote:
--On Wednesday, September 13, 2006 2:26 PM -0600 Aaron Smith
<smitha () byui edu> wrote:
Using a crossover cable is not a good idea.


Which is exactly the same as a switch failure, and if you can't handle
that, then your product/design is crap.

Unless you are intelligent and home the firewalls to different switches
(as we have done).  If both switches fail then you have bigger problems
than firewall failover.

This is FUD.

How, exactly?

There are _zero_ reliable commercial HA solutions that will go insane if 
you use a cross-over cable and they both lose link at the same time. If 
you use 2 switches, and the trunk between them fails, both devices think 
they are "up" (yes, you can use multiple trunks, but you can use multiple 
x-overs as well - keep it apples to apples). If you use a cross-over cable, 
and it fails, both devices think they are "down". Any decent HA system can 
handle both failure modes. If an HA system _can't_ handle both failure 
modes, it's crap and you shouldn't buy it.

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
