[j-nsp] Keeping firewall rules synced on two edge routers, multihomed setup?

Frank Sweetser fs at WPI.EDU
Fri Oct 11 20:24:12 EDT 2013


I'd definitely look at setting up an external source that pushes to both 
routers.  You can either use the NETCONF or JUNOScript API yourself, or if you 
have any in-house Linux experience you can check out the Ansible-based 
automation that Jeremy Schulman has been putting together:

https://github.com/jeremyschulman

Frank Sweetser fs at wpi.edu    |  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |           - HL Mencken

On 10/11/2013 6:23 PM, Jesse Thompson wrote:
> Hello, my company is working to expand from one single upstream provider to
> two upstream providers with two geographically distributed edge routers.
>
> We currently have a firewall configured (primarily ACL-based) on our single
> edge router, and we're wondering what's the best practice to handle the
> firewall now that it has two attack surfaces hosted at different routers.
> Is there a way the routers can be configured to share firewall rules?
> Master/slave pattern? Push settings from a central authoritative source? Or
> am I looking at things the wrong way somehow?
>
> I figure I can't be the first person who has needed to extend a firewall to
> multiple sites like this and keep it consistent, so any advice would be
> appreciated.
>
> Thanks. :)
>
> - - Jesse Thompson
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
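One way to do what the reply suggests, as an added example that is not code from the thread or from the Ansible project it mentions: keep the filter in one authoritative rule list, render the same Junos `set` commands for every edge, and diff each router's `show configuration | display set` output against that source so drift is caught instead of assumed away. The filter name, rule list and router output are constructed; `push()` assumes the ncclient NETCONF library and its Junos device handler.

```python
"""Single-source firewall filter for two Junos edge routers (added example, not
from the thread; assumes Junos 'set' syntax and the ncclient NETCONF API)."""

# Constructed sample: ordered rule list, the single authoritative source.
EDGE_RULES = [
    ("bgp-peer", {"source-address": "192.0.2.1/32", "protocol": "tcp",
                  "destination-port": "179"}, "accept"),
    ("rfc1918", {"source-address": "10.0.0.0/8"}, "discard"),
    ("default", {}, "accept"),
]
# Constructed drifted router output ('show configuration | display set'):
# the 'protocol tcp' line is missing and the last two terms are swapped.
EDGE2_SHOW_SET = """\
set firewall family inet filter EDGE-IN term bgp-peer from source-address 192.0.2.1/32
set firewall family inet filter EDGE-IN term bgp-peer from destination-port 179
set firewall family inet filter EDGE-IN term bgp-peer then accept
set firewall family inet filter EDGE-IN term default then accept
set firewall family inet filter EDGE-IN term rfc1918 from source-address 10.0.0.0/8
set firewall family inet filter EDGE-IN term rfc1918 then discard
"""

def render_filter(name, rules):
    """Render 'set' commands for the filter; term order follows the list."""
    out = []
    for term, match, action in rules:
        base = f"set firewall family inet filter {name} term {term}"
        out += [f"{base} from {k} {v}" for k, v in match.items()]
        out.append(f"{base} then {action}")
    return out

def drift(show_set_output, name, rules):
    """Diff a router's set-format config against the source; Junos evaluates
    terms top-down, so term order is checked as well as content."""
    prefix = f"set firewall family inet filter {name} term "
    have = [l.strip() for l in show_set_output.splitlines()
            if l.strip().startswith(prefix)]
    want = render_filter(name, rules)
    have_terms = list(dict.fromkeys(l[len(prefix):].split()[0] for l in have))
    return {"missing": sorted(set(want) - set(have)),
            "extra": sorted(set(have) - set(want)),
            "order_ok": have_terms == [t for t, _, _ in rules]}

def push(host, username, password, name, rules):
    """Load the rendered filter on one router over NETCONF and commit."""
    from ncclient import manager  # lazy import: drift() runs offline without it
    with manager.connect(host=host, port=830, username=username,
                         password=password, device_params={"name": "junos"}) as m:
        m.lock()
        m.load_configuration(config="\n".join(render_filter(name, rules)), action="set")
        m.commit()
        m.unlock()
```

Run `drift()` against each edge's `display set` output on a schedule and alert on any non-empty `missing`/`extra` or `order_ok == False`; only `push()` the rendered filter from the central host, never by hand on one router.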