Forum Discussion

SalishSeaSecurity
Jan 17, 2008

Load-balanced cluster + IP address pools

It seems to me that "Network Access" doesn't work well in a load-balanced cluster.

I currently have two FirePass controllers in a load-balanced cluster as follows:

1) two large networks, in two locations (location A, location B), connected with an MPLS backbone to access the same shared resources

2) each location has a separate ISP connection (ISP A, ISP B; configured for failover)

3) The master controller is at location A, the Slave at location B; they sync with each other over the MPLS backbone

4) "Allow optional manual logon to slave nodes from master logon page" is set because some users might have a better connection via ISP B. Access to corporate resources via the MPLS backbone is the same from each controller.

No problems with Web Apps, but as far as network access is concerned I have found that:

1) the Slave controller will only hand out IPs from its default IP pool (i.e. I can't have multiple IP pools on the slave; I changed the address of the default pool to suit my needs)

2) I can only assign individual IP addresses from an IP pool on the Master controller (the Slave has no control over individual IP addresses), and can only assign one IP address per individual

Granted, one IP address pool on each controller works fine for now. However, I would prefer to have more granular control:

1) assign an individual one IP if logging in at Location A (from a pool on the Master), and another IP if logging in at Location B (from a pool on the Slave)

or

2) assign a group one IP pool at Location A (from multiple pools on the Master) and another at Location B (from multiple pools on the Slave)

Has anyone ever done anything like this, or is it impossible?

-- J

1 Reply

  • Can you attach a diagram? I think it would help us understand better.

    /CB