Maybe your network policy states that, but I would prefer for single point of failure devices to fail open, rather than closed. For us, network availability is a higher priority than protection is. If the firewall fails, I don't want the entire network down while we're waiting for a vendor to fix it. I'd be surprised if most networks aren't that way.
The problem with this, as I'm sure you know (but it bears repeating for the peanut gallery) is that it turns any DoS on your firewall into an instant security hole. That escalates the severity of DoS bugs on the firewall, which greatly increases the need to upgrade it when they're found, which can increase your downtime.
pgp00000.pgp
Description: PGP signature
