Monday, August 17, 2020

NAT ARP Hypothetical

Hypothetical question I've been musing over from a strictly academic perspective.

You have two firewalls both sharing the same external IP WAN block. Let's assume we own that entire /24 block.

ISP: 38.0.0.1/24
FW #1: Inside: 10.0.0.1
FW #2: Inside: 10.0.0.2
If you configure BOTH firewalls with an external NAT to translate 38.0.0.10 back to 10.0.0.100, both firewalls are going to be trying to respond to the ISP's ARP requests for "Where do I find 38.0.0.10?" Functionally, I'm pretty sure we just created an IP conflict (right?). In this scenario, would either firewall take precedence over the other due to some factor, or is it really as dumb as "whichever replies to the ARP request the quickest"? Would you see any sort of flapping of the ISP sending those packets back and forth between the firewalls? What would be the behavior here?

Thanks!
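To make the "whichever replies quickest" and "flapping" parts of the question concrete, here is a small added simulation (not code from the original post). It models the ISP router's ARP cache under one labelled assumption: the cache keeps the first reply it receives for an outstanding request and re-ARPs once the entry expires, so each refresh is a fresh race between the two firewalls. Real stacks vary in how they handle a second reply for an address that is already cached, so the MACs, the 60-second TTL and the per-round reply latencies are all constructed values, not observed behaviour. It also includes the defender-side check you would actually run to catch this misconfiguration: flag any IP for which ARP replies have been seen from more than one MAC, which is what tools like arpwatch alert on.

```python
"""Toy model of two firewalls both answering ARP for one NATed address.

Added illustration for the hypothetical in the post; not the post's own code.
Assumption (constructed): the ISP router's ARP cache keeps the FIRST reply it
receives for an outstanding request and re-ARPs after the entry's TTL expires.
Real stacks differ in how they treat later or unsolicited replies.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample values for the scenario in the post.
SHARED_IP = "38.0.0.10"
FW1_MAC = "00:00:5e:00:53:01"   # constructed, from the IANA documentation MAC range
FW2_MAC = "00:00:5e:00:53:02"   # constructed


@dataclass
class ArpReply:
    ts: float           # seconds: when the ISP router sees this reply
    sender_ip: str
    sender_mac: str


@dataclass
class ArpCache:
    """Minimal ARP cache: ip -> (mac, time_learned), entries expire after ttl."""
    ttl: float = 60.0
    entries: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        ent = self.entries.get(ip)
        if ent is not None and now - ent[1] < self.ttl:
            return ent[0]
        return None   # missing or expired: the router must ARP again

    def learn(self, reply: ArpReply) -> None:
        self.entries[reply.sender_ip] = (reply.sender_mac, reply.ts)


def resolve(cache: ArpCache, ip: str, now: float,
            responders: List[Tuple[str, float]]) -> str:
    """Return the MAC the router will use for ip at time now.

    responders is a list of (mac, reply_latency_seconds) for every host that
    answers the broadcast request. Under the stated assumption the earliest
    reply wins; ties keep the listed order (sorted() is stable).
    """
    cached = cache.lookup(ip, now)
    if cached is not None:
        return cached
    replies = sorted((ArpReply(now + lat, ip, mac) for mac, lat in responders),
                     key=lambda r: r.ts)
    cache.learn(replies[0])
    return replies[0].sender_mac


def simulate_flapping(latencies_per_round: List[Tuple[float, float]],
                      ttl: float = 60.0) -> List[str]:
    """Run one ARP refresh per round; each round starts after the previous
    cache entry has expired, so every round is a new race between the firewalls.

    latencies_per_round: (fw1_latency, fw2_latency) for each refresh.
    Returns the MAC the router would forward 38.0.0.10 traffic to, per round.
    """
    cache = ArpCache(ttl=ttl)
    chosen = []
    for i, (l1, l2) in enumerate(latencies_per_round):
        now = i * (ttl + 1)   # ttl + 1 seconds later, the old entry is stale
        mac = resolve(cache, SHARED_IP, now, [(FW1_MAC, l1), (FW2_MAC, l2)])
        chosen.append(mac)
    return chosen


def detect_conflicts(replies: List[ArpReply]) -> Dict[str, Set[str]]:
    """Defender-side check (arpwatch-style): IPs claimed by more than one MAC.

    Feed it ARP replies observed on the WAN segment; any IP mapped here is an
    address conflict such as the double-NAT in the post.
    """
    seen: Dict[str, Set[str]] = {}
    for r in replies:
        seen.setdefault(r.sender_ip, set()).add(r.sender_mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    # Constructed latencies: FW1 faster, then FW2 faster, then a tie.
    print(simulate_flapping([(0.001, 0.002), (0.003, 0.001), (0.002, 0.002)]))
    observed = [ArpReply(0.0, SHARED_IP, FW1_MAC), ArpReply(0.5, SHARED_IP, FW2_MAC),
                ArpReply(1.0, "38.0.0.20", FW1_MAC)]
    print(detect_conflicts(observed))
```

Under the first-reply assumption the forwarding target changes whenever the other firewall happens to win a refresh, which is the flapping the question asks about; the detection function shows that the conflict is visible on the wire regardless of which firewall wins, because two different MACs answer for the same IP.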


