Firewall between servers in same cluster

sdrennan · ‎11-01-2007

We have a customer demanding that there is a Firewall between the pub/sub's in the same cluster. They are in seperate buildings (with ethernet between) I have seen this fail on other caustomers and removed the firewall however Cisco docs do not implicitly state you cannot do it.

Can anyone advise if they know if TAC will support this or have successfully managed to get this working

paolo bevilacqua · ‎11-01-2007

Try to bring back your customer to logic.

He would need not only a single firewall, but at least two, one for each building. Hence much higher acquisition costs and maintenance costs.

Since cisco doesn't mention this a recommended design, we can assume it is not recommended.

Beside, what a firewall would gain you? The CMs would keep exchanging sensitive data but the firewall would only hinder that, as it would not even protect the payload from being observed.

Good luck!

sdrennan · ‎11-01-2007

Unfortunately the solution is being delivered by another supplier. they are only handing over to us for support! We know it is a bad idea. Problem is making the customer understand that, especially when someone else is installing the solution says it will all work

paolo bevilacqua · ‎11-01-2007

t's not an easy situation, unfortunately I've seen that too many times. At some point it becomes pragmatic and correct to begin charging by the hour, for time spent fixing bad design decision taken by 'someone else'.

The only good thing is that being Cisco what it is, you can 'oppose' solid and documented reasons to what others just sell verbally.

Again, Good luck!