[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hardware configuration

I have many (about 10) LIS (logical ip subnets), and they must communicate
only under specific condication. I have grouped them in such a way each one
have only one firewall, and each firewall provides Internet connectivity and
other LIS communication. The most important thing, for my customer, is
having office and administration LIS separed by classrooms and labs LIS. My
customer has buyed 4 ADSL connection from a telco then he tells me: ok,
configure them for all the school. The three firewalls we'll use will not
cost very much, they're 486 with some RAM, administrating them will not be a
pain 'cos their configuration will be very similar...
The idea is that hosts will not know anything about Internet connection,
their packets will be routed /filtered/logged by the firewalls, and the
firewalls will decide what's the best connection to use... If a link fails
down at the moment some hosts could lose connectivity, but i plan to use a
routing protocol in between firewalls for each LIS (maybe OSPF)...

> If you have multiple indepedent firewalls for multiple redundant links,
> which one does a host use to send a packet?  Do you segment it so that a
> proportion of your hosts use each one?  If so, when one link goes down
> some of your hosts lose connectivity.  Or, if they all have all the
> listed, you need to be running a dynamic routing protocol everywhere to
> pick which one to use, which is a management pain.  If redundancy is your
> thing, then perhaps a clustered firewall with failover might be your best
> option, with a cluster of links channel bonded or similar to provide
> comprehensive redundancy.
> The next question of course is - do you, really, need that much
> --
> -----------------------------------------------------------------------
> #include <disclaimer.h>
> Matthew Palmer
> mjp16@ieee.uow.edu.au

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: