2. Network layout

First, let's take a look at the environment in which our firewall clusters will operate. It's a very simple and "classic" network, made up of:

This environment requires that we set up two firewall clusters: the first separating the DMZ from the Internet (we won't take into account any router filtering); the second between the LAN and the DMZ. The network looks roughly like this:

[Figure: Network Topology]

The chief merit of this topology is that, since it needs two groups of firewalls, it lets us look at two slightly different cluster configurations. Joking aside, these are some of its major benefits:

but there are also a few drawbacks: