Thursday, December 28, 2017

1 ISP: Many Firewalls - Dirty Switch or No. Is there a better way?

Here is the classic example:

- Customer has Verizon FiOS; the ONT only has a single Ethernet port.
- Said port goes directly to a firewall (SonicWall, WatchGuard, pfSense, etc.).
- Customer finally updates the phone system from 1876, but goes with some know-it-all VoIP phone guy who absolutely, positively needs his own Edgewater POS, and it absolutely needs a direct external IP.
- VoIP guy wants his Edgewater in front of your firewall, but you pay for 500/500 Mbps and that Edgewater is going to be capable of only 65-70 Mbps if you are lucky.

What do you do? Dirty switch: take a switch and make two firewalls share one ISP. But is there a better way?

On virtualized firewalls, I have put a quad-port NIC in one of the servers, made that a VMware switch and handled it that way, but that is really just the same thing.

I understand the whole "Single Point of Failure" argument, I've actually had it happen, and I have used passthrough adapters when doing active/passive redundant firewalls.

Another option (more for something like pfSense) was to create a WAN bridge group, which again is just another dirty switch.

The last option I was thinking of: a Ubiquiti EdgeRouter, and maybe routing the IPs. It's a firewall in its own right, albeit highly limited in the firewalling. But I feel better with that touching the naked internet instead of a switch, even a dumb one. I can give it one IP, I can have it email me, and the darn things can probably max out a gig line.
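As an added example (not from the original post, and not a config the author ran), here is roughly what that EdgeRouter option looks like as an EdgeOS configuration. Everything address-related is an assumption: the ISP hands the router 203.0.113.2/29 on eth0 with gateway 203.0.113.1 and routes the customer block 198.51.100.0/29 to that address; the main firewall and the Edgewater sit on eth1 at 198.51.100.2 and .3, and the router itself takes .1. The interface names, rule numbers and the offload command are EdgeOS conventions as I know them on an ER-Lite class unit; check them against your firmware's `show` output before trusting any of it, and strip the `#` comment lines before pasting into configure mode.

```text
# Added example, not from the original post. Addresses are RFC 5737
# documentation ranges standing in for the ISP's real ones (assumptions).
configure

# eth0 faces the ONT: one address on the naked side, nothing else listening there.
set interfaces ethernet eth0 description 'WAN (ONT)'
set interfaces ethernet eth0 address 203.0.113.2/29
set protocols static route 0.0.0.0/0 next-hop 203.0.113.1

# eth1 carries the customer block; both firewalls hang off it.
# Assumes the ISP routes 198.51.100.0/29 to 203.0.113.2. If the block is
# instead delivered on the ONT-side segment, this design needs a different
# approach (ask the ISP to route it, or proxy ARP), not just this config.
set interfaces ethernet eth1 description 'Inside: main firewall .2, Edgewater .3'
set interfaces ethernet eth1 address 198.51.100.1/29

# Traffic TO the router itself from the WAN: drop everything except replies,
# and log the drops. This is the piece a dumb switch cannot give you.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL enable-default-log
set firewall name WAN_LOCAL rule 10 description 'replies to router-originated traffic'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable

# Traffic THROUGH the router: keep the policy thin, the real firewalls behind
# it decide what they accept. Only the two known addresses get new flows.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_IN rule 30 description 'new flows to main firewall'
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 destination address 198.51.100.2
set firewall name WAN_IN rule 40 description 'new flows to Edgewater'
set firewall name WAN_IN rule 40 action accept
set firewall name WAN_IN rule 40 destination address 198.51.100.3

set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL

# Management only on the inside address; no discovery beacon on the WAN wire.
set service ssh listen-address 198.51.100.1
set service gui listen-address 198.51.100.1
set service ubnt-discover disable

# Hardware offload is what gets an ER-Lite anywhere near line rate;
# without it the "max out a gig line" expectation does not hold.
set system offload ipv4 forwarding enable

commit
save
exit
```

After `commit`, `show firewall name WAN_LOCAL statistics` should show the default-drop counter climbing within minutes of the WAN coming up; that counter plus the log is the visibility the dirty switch never gave you. Note that rule 40 hands the Edgewater every new flow, so it still needs its own inbound policy for SIP and RTP; this router only decides which two boxes are reachable at all, not what they accept.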

Ideas? Rants? Raves? Insults? Let 'em fly.
