2. Network layout

First, let's take a look at the environment in which our firewall clusters will operate. It's a very simple and "classic" network, made up of:

This environment requires that we setup two firewall clusters: the first separating the DMZ from the Internet (we won't take into account any router filtering); the second between the LAN and the DMZ. The network looks roughly like this:

Network Topology

The great advantage of this topology is that it needs two firewall clusters, thus allowing us to look over two slightly different cluster configurations. Jokes apart, these are some of its major benefits:

but there are also a few drawbacks: