On Fri, Aug 08, 2003 at 09:01:02AM +1000, George Vieira wrote: > I need to be able to remove the external IP from the nic the minute firewallA fails so firewallB takes it and applies it to the external NIC. > Not sure how vlan works and if it's anything like IPSEC using a ipsec0 interfaces etc... You apply a patch (if your kernel doesn't support it) and the run vconfig... Very easy... But it seems you even don't need that (see below). > > So the external IP has to be a secondary to the nic otherwise there will be no IPs on the interface and HA has nothing to ping to test. What needs to ping what? Why don't you just use VRRP? and propagate the exit point through a routing protocol (OSPF)?? Easy and automagic with no manual intervention... Ramin > It's hard trying stuff out because these FW are both live and testing is a pain (VPNs running almost constantly too)..
