topic two firewall with same security level in Network Security

two firewall with same security level

Network Pro — Tue, 12 Mar 2019 03:56:43 GMT

hi,

my topology is

ISP 1 ISP 2

| |

Firewall 1 ----------Firewall 2

| |

| ___ L3 Switch ___|

Both firewalls are connected back to back with same security level (60). - DMZ interface

Both firewalls run ospf and default route is injected by firewall 1 to firewall 2 (dmz interface) and l3 switch - which is all fine. I can see the ospf routes but when i try to ping outside world from Firewall 2 through to Firewall 1 on dmz interface i cant seem to get a response although from L3 switch i can ping outside world ?

I have tried adding same-security level permit inter interface traffic (or something similar) on both interface of the firewall but no joy. any thoughts please ?

I don't think it is a same

Jon Marshall — Fri, 14 Mar 2014 12:07:57 GMT

I don't think it is a same-security issue as these are separate firewalls.

Are the DMZ interfaces using private addressing and if so have you setup NAT for them when they go via the outside interface ?

Jon

As Jon has mentioned this is

Marius Gunnerud — Fri, 14 Mar 2014 12:54:45 GMT

As Jon has mentioned this is not a security level issue, and is most likely a NAT issue, or possible a routing issue though this is very unlikely.

Please post the running configue (remove all passwords and public IPs) for both the ASAs. Seeing the configuration will help us identify where the problem might be.

Please remember to rate and select a correct answer