SunScreen 3.2 Administrator's Overview

HA Using Switches

The switch keeps a lookup table of which MAC address is attached to which physical port on the switch. Once it has learned a MAC address on one port, it does not send packets for that address out of a second port to the secondary Screen. This means that the hub for the HA cluster must be between the switch and the HA cluster.
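To make the forwarding difference concrete, here is an added simulation (not part of the SunScreen documentation) of a learning switch beside a hub; the MAC addresses and port numbers are constructed values, and the secondary Screen is assumed to sit on its own port:

```python
"""Why an HA cluster needs a hub between the switch and the Screens.

A learning switch records which MAC address appeared on which port and
then forwards unicast frames for that MAC out of that single port.  A
hub repeats every frame on every other port.  The secondary Screen, on a
different port from the primary, only sees cluster traffic via a hub.
All MAC addresses and port numbers below are constructed sample values.
"""

ROUTER_MAC = "00:00:5e:00:01:01"    # upstream router (constructed)
CLUSTER_MAC = "08:00:20:aa:bb:cc"   # address used by the active Screen (constructed)

ROUTER_PORT, PRIMARY_PORT, SECONDARY_PORT = 1, 2, 3


class Hub:
    """Repeats each frame on all ports except the one it arrived on."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return sorted(self.ports - {in_port})


class LearningSwitch:
    """Learns src MAC -> port; forwards known unicast only to that port."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.table[src_mac] = in_port            # learn (or refresh) the source
        if dst_mac in self.table:                # known destination: one port only
            out = self.table[dst_mac]
            return [] if out == in_port else [out]
        return sorted(self.ports - {in_port})    # unknown destination: flood


def ports_seeing_reply(device):
    """Return the ports that receive the router's reply to the active Screen."""
    # The primary Screen sends a frame upstream; a switch learns its port here.
    device.forward(PRIMARY_PORT, CLUSTER_MAC, ROUTER_MAC)
    # The router answers the cluster address; which ports receive the reply?
    return device.forward(ROUTER_PORT, ROUTER_MAC, CLUSTER_MAC)


if __name__ == "__main__":
    ports = (ROUTER_PORT, PRIMARY_PORT, SECONDARY_PORT)
    print("switch delivers to:", ports_seeing_reply(LearningSwitch(ports)))  # [2]
    print("hub delivers to:   ", ports_seeing_reply(Hub(ports)))             # [2, 3]
```

With the switch, only the primary's port receives the reply, which is exactly why the hub must sit between the switch and the HA pair.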

Ideally, a security policy should not have a single point of failure through which all traffic must pass. Using the same switch for both sides of the firewall, therefore, is not a good idea, even if each side of the switch is a different VLAN (virtual local area network).

You can configure some switches to work like virtual hubs. These switches work with SunScreen.