>From what I understand, UNIX/NT failover (Cluster level 1) has only three
o IP address assumption
o Scripts to start assumed services
o A SCSI 'disk hiding' technology (on shared SCSI bus)
You do need to assume the failed firewalls' IP address. I submit that
assuming the address is easier as a secondary address (scripting is a good
You do need to start services (scripting helps).
The third component is only (?) required when you want, what? If you
replicate the rules between the firewall pair, you've done all you can.
Shared disk does not _really_ maintain state, does it? I have this image in
my head that state is maintained between protocol stacks in memory, not disk.
Bill Stout (Systems Engineer/Consultant) stoutb @
Pioneer Standard (Computer Systems & Components) http://www.pios.com/
San Jose, CA (Location of 1 of 52 U.S. offices) (408) 954-9100
*My opinions do not reflect that of the company, and visa-versa, thankfully.*