Chris Buechler wrote: > Scott Ullrich wrote: >> On 11/20/07, Paul M <[EMAIL PROTECTED]> wrote: >>> two firewalls, fwa, fwb, fwa is the master and replicated to fwb >>> Could there be added in the UI (advanced options maybe) a flag to >>> indicate that this FW is a slave, and then grey out anything which is >> This is a great idea but it needs to be further thought out. What if >> you loose the master firewall and in an emergency you need to change a >> firewall rule but it is greyed out?
just go to advanced and uncheck the slave box. > It could allow editing if it has master status. It would have to go > further than that as well. If you allow any editing on the secondary, > when the primary came back online it would get overwritten with the old > config. perhaps when the slave box is unchecked it will *receive* the update from the master but *not load* it - offering a UI request to say "there's an update queued from the master firewall, accept?" it could even offer a diff to allow you to see what changes you made. > A number of issues to address with this, though it's something we'd like > to see done eventually. yes, making it foolproof would be tricky, there's probably not much middle ground between a simple edit-lockout and a full blown multi-master system. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
