16.07.2012 16:49, Spam пишет: > Thanks for the info guys. I know it is not a recommended solution, but I > have > 2 ISP links in 2 different locations, which are connected together via a > single 10GB > vlan trunk between 2 switches, so I'm kinda stuck. > >
I'd say the idea of splitting a firewall cluster into two geographically remote parts is itself worth to be revised twice. The chassis interconnect pitfalls are not the main caveat in such a design. The most important thing about FW clusters (or even any other statefull devices, like, say, BRAS) is that it's not just about the firewalls. It's even mostly not about firewalls but about integrating them with the rest of the network infrastructure. It also involves resilient solutions for routing and especially switching. I am not saying it's impossible, but I am just sure that a better solution exists in almost all cases. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
