Hello, my company is working to expand from one single upstream provider to two upstream providers with two geographically distributed edge routers.
We currently have a firewall configured (primarily ACL-based) on our single edge router, and we're wondering what's the best practice to handle the firewall now that it has two attack surfaces hosted at different routers.

Is there a way the routers can be configured to share firewall rules? Master/slave pattern? Push settings from a central authoritative source? Or am I looking at things the wrong way somehow?

I figure I can't be the first person who has needed to extend a firewall to multiple sites like this and keep it consistent, so any advice would be appreciated.

Thanks. :)

- - Jesse Thompson

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

