Forum Discussion
Hamish
Dec 01, 2010Cirrocumulus
My turn.
I always configure network failover. Even when you have a direct cable (Which is only good for a few metres). Belt & Braces... After all that's why you have 2 boxes. Because things can fail (And going active/active just because you lose one cable really annoys me).
I've used active/active in the past... It works. Not a problem. The reason most 'consultants' seem to recommend against it is because they're scared that you'll load each system > 50% and wind up with >100% trying to be processed on one box... Apart from that, I have never found anything to be worried about on that front.
Dazzla, not sure if you're suggesting that you want to load balance internal and DMZ traffic at the same time. I'd always recommend separate devices for this (I dislike effectively bridging firewalls with anything... Including where it would be 'accidental' and not by design).
H