PIX Firewall Resilience Question

["Garrahan, Kelvin" <Kelvin.Garrahan () compaq com>]

Hi,

I have seen design for a resilient PIX firewall configuration and I want
some opinions on whether it is a good configuration or not, also if any one
has a better Idea on how to implement a PIX failover system I would
appreciate it.

PIX config

Two PIX 515 with 4 port Ethernet cards in each.

*       Two interfaces are connected to outside network. Each outside
interface goes into a separate switch.
*       Two interfaces are connected to inside network. Each inside
interface goes into a separate switch.

Failover between the Firewalls is handled by the PIX failover cable.

My questions are;

1) Can you have two interfaces connected to the same network even if each
interface resides on a separate switch?

2) If the above can be done how is routing handled? from memory you assign
routes to interfaces


I think even if the above works the rules base would become very
complicated.

Again any ideas/help would be greatly appreciate.

Thanks in advance

Kel.

Kelvin Garrahan
Security Consultant
Compaq Professional Services,
Park House,
N.C.R.,
Dublin 7.
Tel:  353-1-8385433
Fax: 353-1-8384239 
Email: Kelvin.garrahan () compaq com
 <<Garrahan, Kelvin.vcf>>

Attachment: Garrahan, Kelvin.vcf
Description: