Ewww, HTML in email. You are aware of the dangers of using a browser to read email, right?
I am also trying to avoid cascading pfsense boxes, like routing from one to another, and the > second doing the NAT - as it is the opposite of high availability.
The way this is normally done for HA is to have dual paths, and network cross-links between the different layers, so that whichever one goes down, there is still a connection through that layer. It shouldn't be necessary for you, but if you have different hardware for the different layers it is less avoidable. But yes, 4 devices in a 2x2 would give worse availability than 4 devices in a 4x1, you mostly do multiple layers to isolate layers from each other, like having multiple file systems on a server so that one function can't hose the other one. -- Enhance your calm, brother; it's just ones and zeroes. Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/ GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
