The short and too-easy answer is "have more than one of everything". The longer answer is much more complicated, and really depends on what vendors you're buying or looking to buy gear from, what features you've paid for an installed/enabled, now your network is laid out, how much you're prepared to spend, what you're willing to sacrifice, expected levels of service, etc., etc., ad nauseum. Probably the best network infrastructure design I've seen (in a smaller shop) has two Nokia firewalls teamed in a failover configuration with VRRP, with large Cisco Catalyst switches at the core (using HSRP tying everything together, with departments connecting to smaller non-redundant switches as needed. It had the stability at the core for the infrastructure and for datacenter hosts, and the lowered cost of the departmental switches for desktop connectivity (none of which needed a high level of availability). Out in the DMZ and to the Internet, OSPF was the protocol of choice.

The short and too-easy answer is "have more than one of everything". The longer answer is much more complicated, and really depends on what vendors you're buying or looking to buy gear from, what features you've paid for an installed/enabled, now your network is laid out, how much you're prepared to spend, what you're willing to sacrifice, expected levels of service, etc., etc., ad nauseum. Probably the best network infrastructure design I've seen (in a smaller shop) has two Nokia firewalls teamed in a failover configuration with VRRP, with large Cisco Catalyst switches at the core (using HSRP tying everything together, with departments connecting to smaller non-redundant switches as needed. It had the stability at the core for the infrastructure and for datacenter hosts, and the lowered cost of the departmental switches for desktop connectivity (none of which needed a high level of availability). Out in the DMZ and to the Internet, OSPF was the protocol of choice.