Re: Meshing firewalls

To: debian-firewall@lists.debian.org
Subject: Re: Meshing firewalls
From: Tarragon Allen <melange@n12turbo.com>
Date: Fri, 9 May 2003 18:03:21 +1000
Message-id: <[🔎] 200305091803.21873.melange@n12turbo.com>
In-reply-to: <[🔎] 1052461888.18718.1963.camel@jon.ivt.com.au>
References: <[🔎] 1052461888.18718.1963.camel@jon.ivt.com.au>

On Fri, 9 May 2003 04:31 pm, Jonathan Oxer wrote:
> So, the reason for posting: has anyone here done anything like this, or
> have alternative ideas about how it could be set up? Does my plan make
> sense? Is there a way to set this up without requiring 6 ethernet cards
> per firewall?
>
> Did I make an enormous blunder and should now retreat back under a rock?

First thought : your upstream routers, are they to seperate providers? The way 
we have ours setup is to have one provider as the primary, and a backup 
provider that essentially sees no traffic unless provider 1 falls over - and 
so we save a bit of money on bandwidth by having the plans set up 
appropriately. Now, if you have a similar setup, then you may have issues if 
Border router 1 dies and you need to rely on Provider 2 for all your 
bandwidth.

Second thought : You could probably combine those three internal switches into 
one by using a smart switch with VLAN support. This would also mean you can 
set up a second switch as a failover at that point too, and eliminate the 
need for so many ethernet points on the firewalls.

Third thought : There are multi-port enthernet cards avalable, we're presently 
trialing a 4-port card for a similar setup in our firewall. Google keywords : 
"adaptec starfire", although I'm sure there are others out there.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key

Reply to:

References:
- Meshing firewalls
  - From: Jonathan Oxer <jon@ivt.com.au>

Prev by Date: Meshing firewalls
Next by Date: RE: Meshing firewalls
Previous by thread: Meshing firewalls
Next by thread: RE: Meshing firewalls
Index(es):
- Date
- Thread