Hi,

Just spamming... :)

Chad R. Larson wrote:

> the box against the additional complexity.  And remember, if you have two 
> firewall boxes, you have twice the chance of a failure.

While I'm no statestician, I'm rather sure that is not true, at least 
strictly speaking!

In this context, "failure" would be both boxes failing 
"simultaneously" (ie. second failure occuring before first one is 
fixed), this is MUCH less likely than a single box failing (at least 
if you aren't too lazy with repairs!)

But then there is, of course, the issue of the watchdog hardware or 
software failing, adding further complexity to the MTBF calculations?

Personally however, I feel that your argument about complexity holds. 
A box like a Soekris running m0n0wall should be quite stable in 
itself. Still, some people need 100% uptime...

Adam.

P.S. I'm not an expert in these matters, but wouldn't the (least 
complex) way of achieving failsafe connectivity be by using two 
m0n0walls on two independent WAN connections, and then configuring the 
hosts with both of them as gateways. While this probably wouldn't 
load-balance, I speculate that it would allow traffic to continue 
through either gateway, should one stop working? (Or perhaps a small 
script could do some ping-testing and switch gateway to the "backup" 
m0n0wall, in case of failure?)