MountainBox features full redundancy for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup, network connections will stay active with minimal interruption for the users.
If the primary firewall becomes unavailable, the secondary firewall will take over without user intervention and with minimal interruption.
Synchronized state tables
The firewall’s state table is replicated to all failover configured firewalls. This means the existing connections will be maintained in case of a failure, which is important to prevent network disruptions.
Configuration synchronisation
MountainBox includes configuration synchronisation capabilities. Configuration changes made on the primary system are synchronized on demand to the secondary firewall.
Server virtualisation has placed increased demands on the physical network infrastructure. A physical server now has multiple Virtual Machines (VMs) each with its own Media Access
Control (MAC) address.
This requires larger MAC address tables in the switched Ethernet network due to potential attachment of and communication among hundreds of thousands of VMs.
When the VMs in a data center are grouped according to their Virtual LAN (VLAN), one might need thousands of VLANs to partition the traffic according to the specific group to which each VM may belong. The current VLAN limit of 4094 is inadequate in such situations.
MountainBox therefore fully supports VXLAN.
VXLAN is an evolution of efforts to standardise on an overlay encapsulation protocol. It increases scalability up to 16 million logical networks and allows for layer 2 adjacency across IP
Multicast or unicast with head-end replication (HER) is used to flood broadcast, unknown unicast, and multicast (BUM) traffic.
This includes VXLAN support in the event that the limited number of possible VLANs is no longer sufficient in really large network environments.
IPsec connections can be authenticated using a public key. In addition to RSA, elliptic curves (ECC) are now available as key types when generating your own TLS certificates.