Hi, all!
On Wed, Mar 21, 2007 at 09:59:03AM -0700, Jim MacLeod wrote:
> On 3/20/07, Zachary Grafton <chaotic.chowder@gmail.com> wrote:
> > Well, the greatest thing about the sidewinder is how easy it is to
> > configure things. It does have clustering and nice failover features,
> > which are in my opinion, extremely important. If you are worried about
> > performance with a Sidewinder, just buy another one and cluster them.
>
> Does it support active-active load splitting? Or do you need an
> external load balancer for that? How destructive is the transition
> when one fails? How extensive is the state sync? Will it scale to
> n+1, or is it limited to 2 firewalls?
Active-active with 2 units. Needs external load balancer for N > 2.
But facilitates policy configuration by "one-to-many" cluster mode,
i.e. you configure policy once for N firewalls.
Beware: active-active uses layer 2 multicast - which may be an issue if
your Internet uplink, is, say, 34 M and you have servers directly behind
or in front of the firewall on a 100 Mbit/s LAN. Your switches will
broadcast all traffic to the firewalls to all ports in the same collision
domain. Layer 3 separation of DMZ LANs recommended.
Regards,
Patrick M. Hausen
--
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|