Trying to figure out something in a redundant firewall design. Two legged firewall design, two of everything. So two switches on the internal side of the cluster, two switches on the external side as well. Firewalls are running active/active. Internal switches are trunked together. External switches are trunked together. From top to bottom we have:

ExSwitchA ExSwitchB

FirewallA FirewallB

InSwitchA InSwitchB

Question is this: How can you cross connect, for example, the external switches so that ExSwitchA touches both FWA & B, and ExSwitchB touches both firewalls as well? Reason being if ExSwitchA fails, you still want B to throw packets at both firewalls.

I'm cooking up a few things in my mind but it gets ugly at layer 3. Assume that the firewalls cannot aggregate their links. Assume the clustering solution is a multicast software load balance solution. Assume OSPF is available.

I'm willing to live with "lose a switch, lose a firewall" and just have the firewall be fat enough to cope with the bandwidth but as an exercise I'm just trying to think about how to handle this.

The slides from Greg Conti's talk about Network Security Data Visualization are available here.

Interz0ne3 Network Security Data Visualization

Check Point Software Technologies and Zone Labs Inc. announced Monday that they had signed a definitive merger agreement under which Check Point would acquire privately held Zone Labs for $205 million.

...

A lot of consolidation in the security industry lately. Netscreen just bought Neoteris. Check Point was in the hunt there. I guess they decided to broaden their client security offerings/client base since they lost on the Neoteris bid. So we've got Netscreen acquiring an SSL VPN company and Check Point acquiring a personal firewall software company. Is this a tacit acknowledgement that Check Point's existing personal firewall client is lacking?

I say Netscreen is the one to watch. If they get good enterprise management for their devices and they integrate the SSL VPN functionality they just bought under that umbrella, look out.

Overall, this proves two things to me. Security companies are doing very well. And if you have a hot idea that people need, pursue it to be bought by bigger players who for reasons of shareholder accountability cannot be as flexible as you are.

Anyone want to go in and develop the premiere layer 2 firewall with me? :)

Check Point to acquire Zone Labs for $205M

] Want undeniable proof of press culpability, compare a google
] news search for "Walden O'Dell" with "Avi Rubin votehere" Not
] all of the Avi Rubin stories are critical, but we're talking
] about 63 to 9 here. Furthermore, consider the impact that the
] blaster worm stories have had on the American mindset. We may
] not say "this kid created the blaster worm" but we build that
] association in your head anyway.
]
] The AJC: "Furor over the report was partly defused when the
] lead researcher acknowledged this week that he failed to
] disclose that he had stock options in VoteHere, a company that
] competes with Diebold in the voting-software market, and was a
] member of VoteHere's technical advisory board."
]
] From ABC: Diebold officials said they were "shocked and
] disappointed" by Rubin's admissions.
]
] "Diebold Election Systems has consistently questioned the
] conclusions drawn by the Johns Hopkins-issued report," the
] company said in a statement. "It is now clear, by Mr. Rubin's
] own admission, that questions of bias must be considered."

I like this quote the best:

"I am committed to helping Ohio deliver its electoral votes to the President next year."

- Wally O'Dell, CEO Diebold

Yes, he really said that. Here's a good resource for this whole scam: www.blackboxvoting.com

RE: Diebold appears to have conflict