[j-nsp] Keeping firewall rules synced on two edge routers, multihomed setup?
Jesse Thompson
jesset at gmail.com
Fri Oct 11 18:23:07 EDT 2013

Hello, my company is working to expand from one single upstream provider to
two upstream providers with two geographically distributed edge routers.

We currently have a firewall configured (primarily ACL-based) on our single
edge router, and we're wondering what's the best practice to handle the
firewall now that it has two attack surfaces hosted at different routers.

Is there a way the routers can be configured to share firewall rules?
Master/slave pattern? Push settings from a central authoritative source? Or
am I looking at things the wrong way somehow?

I figure I can't be the first person who has needed to extend a firewall to
multiple sites like this and keep it consistent, so any advice would be
appreciated.

Thanks. :)
- - Jesse Thompson