Hijexx wrote:
] I'm cooking up a few things in my mind but it gets ugly at
] layer 3. Assume that the firewalls cannot aggregate their
] links. Assume the clustering solution is a multicast software
] load balance solution. Assume OSPF is available.
]
] I'm willing to live with "lose a switch, lose a firewall" and
] just have the firewall be fat enough to cope with the
] bandwidth but as an exercise I'm just trying to think about
] how to handle this.

Well, as a general rule, if one of the firewalls doesn't have enough bandwidth to handle the load, then you don't haven an HA solution, because if a firewall fails it will impact your network performance. You really either need to have three firewalls, or you need to have two firewalls which can each handle the load independently of the other.

The only way to cross connect the firewalls is to have multiple interfaces on each firewall which have the same IP address, in the same way that in your existing configuration you have multiple firewalls with the same IP address. If your clustering solution supports clustering across multiple interfaces on the same device, as well as across multiple devices, then you can do it. If not, then you can't.

Does that answer your question?

RE: Help, I'm Stuck On Stupid