To acheive some level of network layer redundancy, we would like to have at least two nics that are used to proxy on our s650 (other than the management port). Therefore, it would be logical to just patch another nic into P2 (however I am aware that the Ironport system does not recognise this configuration, as P2 is currently only used as an outbound port for passthrough proxying, I beleive.)
I've just noticed this post on the thread announcing GA of 5.6.0;
To enhance the security of the WSA, we explicitly prevent the WSA from proxying requests on the P2 interface. Customers who need this functionality may want to wait for the 5.6.2 release, which will support this configuration.
So, I take it then that under 5.6.2 (when it is released) I'll be able to set up the dual nic situation as I mentioned above; with both P1 and P2 patched in, so that if one nic / cable / etc dies, it will continue to run merrily on the other port?
Thanks for the response. Yes, we are after option 1. I should've just mentioned dual-homing, and saved the confusion.
For us, it seems a bit of a waste to have the P2 port sitting there unused. We have already had an instance where a contractor knocked the cable that plugs into P1, and it disconnected. Obiviously, this resulted in an outage of our internet. Had the P2 port been provisioned with dual homing, this would not have occured.
It seems to be a logical step to me ... we do it with all our other servers in our environment. Any service that is even remotely important is setup with teamed nics, quite often with each nic patched into a different switch (but on the same subnet, with the same ip). This also prevents outages of the service if one switch fails. With all of the other redundancy in the s650 (power supplies, raid etc), the single proxying nic is the obvious possible point of failure for us.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...