Of all of the SOHO range of firewall appliances available (HSC, NS-5XT, and NS-5GT), all but the HSC support providing a secondary path for untrusted traffic. That is, should the normal link fail, a backup link can be activated and thereby the connectivity restored. This is a very useful feature, as anyone who has suffered from unplanned Internet Service Provider (ISP) outages can attest to. Two different ways to make sure that redundant ISP links are available is either by using two Ethernet interfaces or using one Ethernet interface and the serial interface as the backup. In the first scenario, the common setup has two ADSL modems or routers connected to separate ISPs, with one being the preferred provider. In the second scenario, the typical setup has an ADSL (asymmetric digital subscriber line ) modem or router as the preferred link, and a modem connected to the serial interface providing dial-up access if needed.

When setting up redundant links, there are two main issues that must be specified: what will cause the backup link to activate, and how is it activated?

The event of deciding that the primary link is dead and the backup link should be activated is called a failover. The deciding factors for a failover includes such things as physical link failure, virtual private network (VPN) failure, or an IP address becoming unreachable.

Once a failover is triggered, the backup link must be activated. How this happens depends on...