Alexander Goldstone wrote:
> I am not sure load balancing should be carried out by a firewall. Would it not
> be better to have a dedicated firewall(S) for each connection.
If you are describing separate hardware units I think that would
increase the complexity of the whole thing exponentially. I don't see
how it would be worth it.
> Automatic failover, however, would be good. Failover itself would be fairly
> trivial to add unless you expected state to be kept. It would be a bit more
> work to automatically update the configuration of the backup firewall as the
> primary firewall was changed. It would be a much larger job to failover keeping
In my case each WAN link has a different IP subnet. It wouldn't be
possible to perform a stateful failover.