https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903940#M153991 <P>Hi,</P> <P></P> <P>It depends mostly on the amount of traffic you must be passing through the ASA's.</P> <P></P> <P>What is the load, what type of traffic is it ?</P> <P></P> <P>You can configure ASA clustering on the external FW's that would help you to load-balance the traffic.</P> <P></P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Wed, 11 May 2016 13:14:28 GMT Aditya Ganjoo 2016-05-11T13:14:28Z https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903939#M153990 <P>Hi,</P> <P></P> <P>I need some design assistance for data center firewall build, as customer has 4 firewalls as per below; for which i need to combine below in 2 ASA 5585-SSP-20 (1 pair for External, 1 pair for Internal) , so what are the things i need to consider for designing?</P> <P></P> <UL> <LI><SPAN style="line-height: normal;">3 External facing FW's( Internet+Anyconnect+Site to Site VPN FW, Offload internet for remote sites FW, EDI FW)</SPAN></LI> <LI><SPAN style="line-height: normal;">1 Internal (PCI involved)</SPAN></LI> </UL> <P><SPAN style="line-height: normal;"></SPAN></P> <P><SPAN style="line-height: normal;">Thanks and Regards,</SPAN></P> <P><SPAN style="line-height: normal;">Sankar</SPAN></P> Wed, 13 Mar 2019 01:09:39 GMT https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903939#M153990 skrsubramaniyam_CTS 2019-03-13T01:09:39Z https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903940#M153991 <P>Hi,</P> <P></P> <P>It depends mostly on the amount of traffic you must be passing through the ASA's.</P> <P></P> <P>What is the load, what type of traffic is it ?</P> <P></P> <P>You can configure ASA clustering on the external FW's that would help you to load-balance the traffic.</P> <P></P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Wed, 11 May 2016 13:14:28 GMT https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903940#M153991 Aditya Ganjoo 2016-05-11T13:14:28Z https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903941#M153992 <P>Hi Aditya,</P> <P></P> <P>That was not answered my question, my intention not only for load-balancing, also i need to design the network based on compliance as well. as said above, in my new requirement i have 1 pair ASA available for external (Perimeter) &nbsp;traffic like&nbsp;<SPAN> Internet+Anyconnect+Site to Site VPN FW, Offload internet for remote sites, another 1 pair is available to accomodate internal traffic like PCI, EDI segments. Mainly most of the remote offices are connected thru DMVPN tunnel as secondary path for corporate internet.</SPAN></P> <P><SPAN>Remote locations Types:</SPAN></P> <P><SPAN>Type1 = Internet+MPLS</SPAN></P> <P><SPAN>Type2 = Internet only</SPAN></P> <P><SPAN>Type3 = MPLS only</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>In the above scenario, all corporate traffic should come thru MPLS and internet should come thru DMVPN, only in Type1 if MPLS is down corporate&amp; internet traffic comes thru DMVPN tunnel. in this topology which is best way to place firewall to pass through the traffic?</SPAN></P> Fri, 13 May 2016 18:24:11 GMT https://community.cisco.com/t5/network-security/firewall-integration/m-p/2903941#M153992 skrsubramaniyam_CTS 2016-05-13T18:24:11Z