Fireboxes as boarder routers?
Can we use a M590 Active/Passive pair as the border routers connected directly to the ISP (Cox Communications Optical Internet) interface devices or do we need additional hardware routers and/or switches between our Fireboxes and the Cox equipment?
0
Sign In to comment.
Answers
You need a switch between all interface connections for A/P to work properly, including for external interfaces.
This could be provided by a VLAN capable switch to provide connection pairs for each interface on Firewall active & passive.
I've had customers plug clusters into ISP devices with multiple ports directly, and I'd fathom a guess of it working 50% of the time.
I would suggest using a switch between the ISP device and your cluster, if only because you control that device. If the ISP (for example) decides to enable a feature like STP on their device, it could potentially take one of your cluster members down.
In my opinion: It's honestly easier to plan for it to not work and have full control over your gear, instead of having it maybe work with the chance of it catastrophically breaking.
-James Carson
WatchGuard Customer Support