Once I had 2 firewalls configured in High Availability for redundancy, active/passive, so if one dies the other becomes active. They both plug into the same ISP and use MAC address cloning to achieve this. Well, the link between the 2 firewalls for heartbeat went bad and both became active with the same MAC.
The effect I experienced was 50% packet drop: every other ping failed as they both fought each other. Lesson learned, and now I use at least 2 links between both firewalls in case one fails.