This is a discussion on Re: [fw-wiz] Concentrator inside of paired failover firewalls. - Firewalls ; On Sun, 2006-09-17 at 16:35 -0700, Carson Gaspar wrote: > There are _zero_ reliable commercial HA solutions that will go insane if > you use a cross-over cable and they both loose link at the same time. So, PIX is ...
On Sun, 2006-09-17 at 16:35 -0700, Carson Gaspar wrote:
> There are _zero_ reliable commercial HA solutions that will go insane if
> you use a cross-over cable and they both loose link at the same time.
So, PIX is not a reliable commercial solution then. OK.
> If
> you use 2 switches, and the trunk between them fails, both devices think
> they are "up" (yes, you can use multiple trunks, but you can use multiple
> x-overs as well - keep it apples to apples). If you use a cross-over cable,
> and it fails, both devices think they are "down". Any decent HA system can
> handle both failure modes.
Then PIX is also not a decent HA system. Great.
> If an HA system _can't_ handle both failure
> modes, it's crap and you shouldn't buy it.
>
PIX (using IP failover) is crap. I get it now.
As a final note, using a crossover cable with a PIX is very stupid. If
you keep the pair in the same room then use the failover cable.
IP-based failover is useful if the PIX pair is geographically separated,
in which case they'd most likely be homed to different switches. Which
was my initial point.
@@ron Smith
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
