On Thu, 22 Jul 2010 17:15:00 +0100
sslay...@iom.com wrote:
> Ok we have 4 firewalls providing internet connectivity whose internal
> interfaces are on a single shared subnet, although the IPs are different.
> Outbound traffic from the various hosts on this subnet is distributed
> across the firewalls by setting the firewall internal IPs as the various
> different GW addresses, i.e. hosts A/B/C/D use FW1 as their GW, hosts
> E/F/G/H use FW2 as their gateway etc.

This design seems to be too complicated (in my opinion, but maybe you
have a reason for it).

My idea would be to either

a) set up the firewalls with CARP and build a fail-over / load balancing
design instead of this "manual" balancing

b) use Nagios, or at least the nrpe tool, and let the firewalls do the
outbound checking (and only "ask" them if the test was successful)

regards,
Robert
