Unfortunately I cannot paste a diagram to make myself clear, but I will try to get my questions across.
I have always seen PIX as a device that separates the network into sections (e.g. DMZ, Internal...). You could use failover to recover from a failure, but what if I were to have, for example, a fully redundant DMZ which would connect all servers to two, three... switches? You would connect a single switch to the PIX; what if that single switch fails? The whole DMZ would be disconnected from the rest of the network. I was wondering what could be done to minimize the impact of such a case on the PIX.
Is there some type of channeling possible for the PIX? Or can I connect the PIX to two of my switches in the DMZ and use two interfaces on the PIX and give them the same priority (the traffic wouldn't be able to pass from two interfaces with the same priority, as far as I have read) and use static routing to solve my problem? Or is there another way?
I would be very happy if someone could help me out on this. Thanks in advance.
The PIX can only be plugged into one switch on each DMZ, so there is a single point of failure. Of course, the PIX is a single point of failure, so if you have two PIXes set up in failover, then you can put one into switch one and one into switch two. If one PIX or switch fails, the other one will take over. With only one PIX there is no way to achieve it.
Giving different metrics to the single IP (running HSRP) of the switches. You could also define which switch should be active so that the switch with the higher priority will have a lower metric on the PIX.
I do not have a lab for testing these things so I really don't know.
To go along with the previous poster, the only way to achieve true redundancy in your network is to duplicate everything.
What you noted about the PIX being the single point of failure can be said for any firewall, unless it has two power supplies, two NICs for each "interface", two motherboards, two CPUs, etc. etc.
There is this marketing gimmick starting to go around where companies are integrating multiple WAN ports, or multiple NICs for the internal interface etc. and touting that these provide for high availability without using another unit. Well... what happens if your CPU dies, or your power supply dies?