> Well, looks interesting, but I didn't try it. It may be too
> complicated, when redundancy needs to be as simple as possible. Instead
> of this, you can just add another node(s), this is the safest solution,
> I think.

Well, another node implies two nodes for redundancy. And two independent firewall clusters means two independent rulesets to manage. I think I will try ifstated with a finite state machine based on ping test and demotion counter.

--
Dipl.-Ing. (FH) Joerg Streckfuss, Phone: +49 40 808077-631
DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski