Then why not do LAN failover? That's a pretty well documented feature
of PIX OS 7 and up.

James Burns wrote:
> Sorry, to clarify:
>
> We will have two firewalls at either side of our campus serving the
> same internal network, but with different /external/ addresses - this
> is necessary because of the way that our provider has arranged things.
>
> Each runs OSPF. Both units are, in effect, active - but no traffic
> will be passed via the "backup" until the primary goes down, because
> of the way that the routing is configured.
>
> Cisco allows for active/active failover between PIX units, but ONLY if
> they are running multiple security contexts, and we do not do this,
> nor need to. What we're looking for is an elegant and preferably
> inexpensive way of keeping the ruleset up-to-date on both boxes
> without the need to manually edit on both every time a rule is
> added/amended.
>
> Hope this makes things clearer!
>
> James
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards