Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall layer 2 cluster configuration

    Forum Feedback
    2
    2
    1373
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      praveen.varshney
      last edited by

      Can we have firewall cluster at layer 2??    Suppose we have two firewall machines. One firewall machine have LAN, WAN , OPT1(having some VLAN) ,OPT2 (having some VLAN) and Bridge(OPT1 and OPT2). And there is another firewall machine that doesnt have any LAyer 2 configuration. Now i want all config and states configuration on second firewall and automatic switchover from one firewall to another without using CARP as IP wont be required for Layer 2. Can anyone help me on this if it is feasible to configure firewall cluster on layer 2 or nor not. If it is can anyone explain me the procedure for it .???

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Performing HA or failover at layer 2 creates a layer 2 loop. You have to rely on STP or similar protocols to stop the loop and then switch the ports if the preferred path fails.

        It's a mess, an accident waiting to happen, and difficult to get right because a lot of it depends on your switches and not the firewall at all.

        You can certainly try it if you like, but it's not something we like to encourage. :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post