I'd definitely look at setting up an external source that pushes to both routers. You can either use the NETCONF or Junoscript API yourself, or if you have any in-house Linux experience you can check out the Ansible-based automation that Jeremy Schulman has been putting together:

https://github.com/jeremyschulman

Frank Sweetser fs at wpi.edu    | For every problem, there is a solution that
Manager of Network Operations   | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken

On 10/11/2013 6:23 PM, Jesse Thompson wrote:
Hello, my company is working to expand from one single upstream provider to two upstream providers with two geographically distributed edge routers.

We currently have a firewall configured (primarily ACL-based) on our single edge router, and we're wondering what's the best practice to handle the firewall now that it has two attack surfaces hosted at different routers.

Is there a way the routers can be configured to share firewall rules? Master/slave pattern? Push settings from a central authoritative source? Or am I looking at things the wrong way somehow?

I figure I can't be the first person who has needed to extend a firewall to multiple sites like this and keep it consistent, so any advice would be appreciated.

Thanks. :)

- - Jesse Thompson

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
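A sketch of the "central authoritative source" approach suggested in this thread, added here as an illustration and not code from either poster or from the linked repositories: one filter definition is rendered into Junos `set` lines for every edge router, and each router's `show configuration | display set` output is checked for drift. The filter name, term names, addresses and both sample router outputs are constructed; pushing the rendered lines over NETCONF is left to whichever tool is used.

```python
# Added example: one authoritative filter definition rendered for every edge
# router, plus a drift check. Filter name, terms and addresses are constructed.
FILTER = "EDGE-IN"
TERMS = [  # single source of truth, e.g. kept in version control
    {"name": "allow-mgmt-ssh",
     "from": {"source-address": ["192.0.2.0/24"], "protocol": ["tcp"],
              "destination-port": ["22"]},
     "then": ["accept"]},
    {"name": "default-deny", "from": {},
     "then": ["count edge-drops", "discard"]},
]

def render(filter_name, terms):
    """Return Junos 'set' lines for the filter, preserving term order."""
    base = f"set firewall family inet filter {filter_name}"
    lines = []
    for term in terms:
        prefix = f"{base} term {term['name']}"
        for match, values in term["from"].items():
            lines += [f"{prefix} from {match} {v}" for v in values]
        lines += [f"{prefix} then {action}" for action in term["then"]]
    return lines

def drift(expected, running_text, filter_name):
    """Compare expected lines with a router's '| display set' output."""
    marker = f"set firewall family inet filter {filter_name} "
    running = [ln.strip() for ln in running_text.splitlines()
               if ln.strip().startswith(marker)]
    return {
        "missing": [ln for ln in expected if ln not in running],
        "unexpected": [ln for ln in running if ln not in expected],
        # Term order decides which rule matches first, so check it too.
        "order_ok": [ln for ln in running if ln in expected]
                    == [ln for ln in expected if ln in running],
    }

EXPECTED = render(FILTER, TERMS)
# Constructed sample outputs: router A is in sync, router B was hand-edited.
ROUTER_A = "\n".join(EXPECTED)
EXTRA = f"set firewall family inet filter {FILTER} term allow-mgmt-ssh from source-address 198.51.100.0/24"
ROUTER_B = "\n".join(EXPECTED[:1] + [EXTRA] + EXPECTED[1:4] + EXPECTED[5:])

if __name__ == "__main__":
    for name, text in (("edge-a", ROUTER_A), ("edge-b", ROUTER_B)):
        print(name, drift(EXPECTED, text, FILTER))
```

Running the drift check on a schedule against both routers surfaces a hand edit on one edge (here an extra permitted source range and a dropped counter) before the two filters diverge further.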

