Kelvin.Garrahancompaq.com

• Next message: Sink, Douglas D (Doug), BNSVC: "RE: High Speed Firewalls"
• Previous message: Carric Dooley: "Re: High Speed Firewalls"
• Next in thread: Mike Barkett: "Re: PIX Firewall Resilience Question"
• Reply: Mike Barkett: "Re: PIX Firewall Resilience Question"
• Reply: Bill Pennington: "Re: PIX Firewall Resilience Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I have seen design for a resilient PIX firewall configuration and I want
some opinions on whether it is a good configuration or not, also if any one
has a better Idea on how to implement a PIX failover system I would
appreciate it.

PIX config

Two PIX 515 with 4 port Ethernet cards in each.

* Two interfaces are connected to outside network. Each outside
interface goes into a separate switch.
* Two interfaces are connected to inside network. Each inside
interface goes into a separate switch.

Failover between the Firewalls is handled by the PIX failover cable.

My questions are;

1) Can you have two interfaces connected to the same network even if each
interface resides on a separate switch?

2) If the above can be done how is routing handled? from memory you assign
routes to interfaces

I think even if the above works the rules base would become very
complicated.

Again any ideas/help would be greatly appreciate.

Thanks in advance

Kel.

Kelvin Garrahan
Security Consultant
Compaq Professional Services,
Park House,
N.C.R.,
Dublin 7.
Tel: 353-1-8385433
Fax: 353-1-8384239
Email: Kelvin.garrahancompaq.com
 <<Garrahan, Kelvin.vcf>>

• application/octet-stream attachment: Garrahan__Kelvin.vcf

• Next message: Sink, Douglas D (Doug), BNSVC: "RE: High Speed Firewalls"
• Previous message: Carric Dooley: "Re: High Speed Firewalls"
• Next in thread: Mike Barkett: "Re: PIX Firewall Resilience Question"
• Reply: Mike Barkett: "Re: PIX Firewall Resilience Question"
• Reply: Bill Pennington: "Re: PIX Firewall Resilience Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]