On Fri, 26 Apr 2002, istene wrote:

> I use multiple firewalls because I do not want to have a single point of
> failure in my net. Configuring iptables is not a problem; the configuration
> in the three firewalls is very similar. I think that redundancy, in securing
> networks, is not an error... I have not understood why you think it is an error
> to use multiple firewalls (I'm not an English mother-tongue speaker and I do not
> understand the expression "stone drag", could you please explain?).
Stone drag == unpleasant; boring; uninteresting.

If you have multiple independent firewalls for multiple redundant links, then which one does a host use to send a packet? Do you segment it so that a proportion of your hosts use each one? If so, when one link goes down some of your hosts lose connectivity. Or, if they all have all the gateways listed, you need to be running a dynamic routing protocol everywhere to pick which one to use, which is a management pain.

If redundancy is your thing, then perhaps a clustered firewall with failover might be your best option, with a cluster of links channel bonded or similar to provide comprehensive redundancy.

The next question of course is - do you, really, need that much reliability?

-- 
#include <disclaimer.h>
Matthew Palmer
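The three designs weighed in the reply above, as an added illustration that is not part of the thread: hosts segmented across independent firewalls with static routes, hosts listing every gateway with dynamic routing, and a clustered firewall owning one shared gateway address. The host names, firewall names and failover order are constructed; the "static" case is a simplified model in which a host with no routing protocol keeps using its first listed gateway because nothing tells it that gateway is dead.

```python
# Constructed topology: six hosts, three independent firewalls. Each host
# lists the gateways in its order of preference; the first entry is the one
# a plain static default route would use.
HOST_GATEWAYS = {
    "h1": ["fw-a", "fw-b", "fw-c"],
    "h2": ["fw-a", "fw-b", "fw-c"],
    "h3": ["fw-b", "fw-c", "fw-a"],
    "h4": ["fw-b", "fw-c", "fw-a"],
    "h5": ["fw-c", "fw-a", "fw-b"],
    "h6": ["fw-c", "fw-a", "fw-b"],
}
# Failover order for the clustered design (constructed): the first live
# member owns the shared gateway address that every host points at.
CLUSTER_PRIORITY = ["fw-a", "fw-b", "fw-c"]


def reachable_static(failed):
    """Segmented design, static routes, no dead-gateway detection (simplified
    model): a host keeps sending to its first listed gateway even when that
    firewall is down, so the whole segment behind it loses connectivity."""
    return {h for h, gws in HOST_GATEWAYS.items() if gws[0] not in failed}


def reachable_dynamic(failed):
    """Every host lists all gateways and runs a routing protocol, so it can
    fall back to the first gateway that is still up (the management cost the
    reply warns about is running that protocol on every host)."""
    return {h for h, gws in HOST_GATEWAYS.items()
            if any(gw not in failed for gw in gws)}


def reachable_cluster(failed):
    """Clustered firewall with failover: all hosts use one shared address,
    which is held by the highest-priority live member; hosts only lose
    connectivity once every member is down."""
    if any(fw not in failed for fw in CLUSTER_PRIORITY):
        return set(HOST_GATEWAYS)
    return set()


def compare(failed):
    """Which hosts keep connectivity under each design for a given set of
    failed firewalls (the set of names that are down)."""
    failed = set(failed)
    return {
        "static": sorted(reachable_static(failed)),
        "dynamic": sorted(reachable_dynamic(failed)),
        "cluster": sorted(reachable_cluster(failed)),
    }
```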

