When a single firewall is used in a network, the security it provides generally has the following attributes:
Lower cost—Only one hardware platform and a software license are needed.
Single point of failure—If the firewall hardware or software fails, no traffic can be forwarded from one side to the other.
Performance is limited—The total throughput of the stateful inspection process is limited to the firewall's maximum performance.
If one firewall is potentially a single point of failure, it is logical to think that two firewalls would be better. Cisco firewalls can be made more available when they are configured to work as a failover pair. Firewall failover can operate in two different fashions: active-standby ...