On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote:
> Jason Dixon wrote:
>> On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
>>> Hi misc,
>>>
>>> I'm currently looking for hardware alternatives for firewalls that
>>> should have more than four NICs.
>
>> Why could you possibly need 6 physical interfaces? Even if you have a
>> failover pair of firewalls and switches, with a dedicated pfsync
>> interface, you could get by easily with three interfaces. The first two
>> interfaces are trunked, one to each switch. Use vlan(4) interfaces with
>> carp(4) on top of that. Your third interface would crossover between
>> firewalls for private pfsync traffic.
>
> Hmmmm. "Why would you ever want to do that?" - really not a good thing
> to say to someone... Saying that means you lack respect for the person
> or lack imagination. "What are you using them for" is a better response.
> I've frequently used 5 ports on my firewall for multiple isolated subnets.

That you frequently use 5 ports on your firewall shows a lack of respect
for your switches, or a lack of imagination.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/