
Re: Hardware configuration

On Fri, 26 Apr 2002, istene wrote:

> I use multiple firewalls because I do not want to have a single point of
> failure in my net. Configuring iptables is not a problem, the configuration
> in the three firewalls is very similar. I think that redundancy, in securing
> networks, is not an error... I have not understood why you think it is an error
> using multiple firewalls (I'm not English mother tongue and I do not
> understand the expression "stone drag", could you please explain?).

Stone drag == unpleasant; boring; uninteresting.

If you have multiple independent firewalls for multiple redundant links, then
which one does a host use to send a packet?  Do you segment it so that a
proportion of your hosts use each one?  If so, when one link goes down
some of your hosts lose connectivity.  Or, if they all have all the gateways
listed, you need to be running a dynamic routing protocol everywhere to
pick which one to use, which is a management pain.  If redundancy is your
thing, then perhaps a clustered firewall with failover might be your best
option, with a cluster of links channel bonded or similar to provide
comprehensive redundancy.

The next question of course is - do you, really, need that much reliability?

#include <disclaimer.h>
Matthew Palmer
