Florin,
Is there, or can you add, the capability to export and import 'rule set only' information for the purpose of running dual or hot standby firewalls?
Two possible scenarios:
1) Active-Passive Standby: Two MNFs set up as clones, one is idle, the other is active. Hot standby is enabled via VRRP; each box will have different IPs (and one virtual via VRRP), but the rulesets will be identical. A manual or automated process to mirror changes to the rulesets would be lovely :-)
2) Active-Active Clones: Two MNFs at different locations that border the same DMZs but enter the LAN at different points. OSPF on the LAN determines gateway availability and dynamic routing to DMZs and External. Both firewalls need to hold the same rulesets; how can you centralise this management? A manual or automated process to mirror changes to the rulesets would be lovely :-)
Is this dealt with already? Adding rules twice (I will be using scenario 2 above) is a pain and has potential for error.
Cheers
Sean Dunlop
Network & Security Administrator
Department of Treasury & Finance
200 St Georges Tce
Perth Western Australia 6000
Ph - (618) 9262 140
Mb - (618) [0]414 488 504
Email - [EMAIL PROTECTED]
Web - www.dtf.wa.gov.au
