active-active vs active-passive firebox config

i need your opinion or experience with watchguard active/active versus active /passive firebox config. what are advantages or disadvantages ?


  • Options

    A/A Advantage - higher throughput
    A/A Disadvantage - higher cost if you license a Security bundle as you need to license it for both firewalls whereas you only need to license one firewall with A/P

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Active/Active is usually used in circumstances where the firewalls need to load balance. If you loose one of the firewalls, you effectively loose ~50% of your network capacity. Both firewalls need to have full security suite licensing in this case, as they're both using it at the same time.

    Active/Backup is the more common variant. One firewall is the active firewall, and the other is waiting to take over. Both firewalls need a support contract, but only one needs to be licensed for the security suite, and they share it. If you loose one of the firewalls, the other takes over and the users should not notice any change.

    I'd suggest contacting a WatchGuard Partner (you can find them at findpartner.watchguard.com ) whom can assist you in finding the best fit for your network.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.