Solved: High availability by 2 firewalls from diff vendors

ITexpert · ‎04-19-2018

Hello Security team,

I am using Fortigate Firewall right now, For redundancy I want to add one more firewall but not FortiGate.

I want to add Cisco ASA Firewall and want to configure as a secondary firewall, If in case Fortigate have some bug with IOS or hardware issue so that Cisco ASA will take care of everything including security policies, VPN tunnels etc.

The reason i am looking for something else is because sometime IOS issues can make down everything and having same vendors provide no solution.

Rahul Govindan · ‎04-19-2018

I do not think any Firewall vendor has this capability. Everyone has their own operating system and features built in. Plus most of them have different concepts of failover.

What you can do is keep a cold spare device from another vendor, configured in a similar fashion to the Fortigate device. When the Fortigate runs into an issue, rip and replace it with the spare Firewall. This would be a manual switchover. Or you can keep them both up running with different LAN and WAN ip addresses and change your default route when such a failover is needed. Again some sort of manual work required.

View solution in original post

Rahul Govindan · ‎04-19-2018

I do not think any Firewall vendor has this capability. Everyone has their own operating system and features built in. Plus most of them have different concepts of failover.

What you can do is keep a cold spare device from another vendor, configured in a similar fashion to the Fortigate device. When the Fortigate runs into an issue, rip and replace it with the spare Firewall. This would be a manual switchover. Or you can keep them both up running with different LAN and WAN ip addresses and change your default route when such a failover is needed. Again some sort of manual work required.