Re: Concentrator inside of paired failover firewalls.

[Carson Gaspar <carson () taltos org>]

--On Friday, September 15, 2006 9:02 AM -0600 Aaron Smith <smitha () byui edu> 
wrote:
> On Thu, 2006-09-14 at 14:55 -0400, Carson Gaspar wrote:
> > --On Wednesday, September 13, 2006 2:26 PM -0600 Aaron Smith
> > <smitha () byui edu> wrote:
> > > Using a crossover cable is not a good idea.
> > >
> > > http://marc.theaimsgroup.com/?l=firewall-wizards&m=110633896023171&w=2
> >
> > Which is exactly the same as a switch failure, and if you can't handle
> > that, then your product/design is crap.
>
> Unless you are intelligent and home the firewalls to different switches
> (as we have done).  If both switches fail then you have bigger problems
> than firewall failover.
>
> > This is FUD.
>
> How, exactly?

There are _zero_ reliable commercial HA solutions that will go insane if 
you use a cross-over cable and they both loose link at the same time. If 
you use 2 switches, and the trunk between them fails, both devices think 
they are "up" (yes, you can use multiple trunks, but you can use multiple 
x-overs as well - keep it apples to apples). If you use a cross-over cable, 
and it fails, both devices think they are "down". Any decent HA system can 
handle both failure modes. If an HA system _can't_ handle both failure 
modes, it's crap and you shouldn't buy it.

-- 
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards