firewall cluster



Hello,

We want to set up a cluster of two firewalls with heartbeat. It will be an active-passive cluster, so if the main firewall fails, the secondary firewall would become active.
We think that, although they are a cluster, they should have different operating systems (for example Linux and BSD), so if a vulnerability has an impact on our main firewall and drops it, the second firewall will start to serve without the same vulnerability affecting it.
Do you think it is a good idea, or is it better to have two identical firewalls for compatibility issues?
Which combination of Operating Systems do you recommend?
Thanks,

Sandra


