Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

Two HA firewall cluster connected to each other

Go to solution
inhamit
Level 1
Level 1

‎10-25-2023 12:07 AM

Hi, We have two firewall clusters (Firewall 1 and Firewall 2), directly connected to each other as per Image below in Active Passive mode. 

inhamit_0-1698217309493.png

The problem I am facing here is, If any link on Firewall 1A goes down, Firewall 1B will become primary but there will not be any change over from Firewall 2A to Firewall 2B as none of the link goes down on Firewall cluster 2. In that case, Network connection to ICSS is not reachable even we have complete redundancy in the firewall. Could u please suggest any config to make this work, when link goes down on Cluster 1, accordingly primary firewall on cluster 2 will change and route the data between Telecom and ICSS network and vice versa

inhamit_1-1698217491826.png

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎10-25-2023 12:13 AM

Hello @inhamit,

You need to implement proper network redundancy and dynamic routing protocols.

Set up VRRP on the internal interfaces of Firewall Cluster 1 and Firewall Cluster 2. Ensure that the virtual IP 'VIP' address is shared between the primary and secondary firewalls in each cluster. The primary firewall holds the VIP, and in the event of a failure, the secondary firewall takes over the VIP.

=> Use a dynamic routing protocol like OSPF or BGP on your network. Configure both clusters to participate in the routing protocol. This allows the clusters to dynamically adjust their routing tables based on network conditions.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
M02@rt37
VIP
VIP

‎10-25-2023 12:13 AM

Hello @inhamit,

You need to implement proper network redundancy and dynamic routing protocols.

Set up VRRP on the internal interfaces of Firewall Cluster 1 and Firewall Cluster 2. Ensure that the virtual IP 'VIP' address is shared between the primary and secondary firewalls in each cluster. The primary firewall holds the VIP, and in the event of a failure, the secondary firewall takes over the VIP.

=> Use a dynamic routing protocol like OSPF or BGP on your network. Configure both clusters to participate in the routing protocol. This allows the clusters to dynamically adjust their routing tables based on network conditions.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
inhamit
Level 1
Level 1
In response to M02@rt37

‎10-25-2023 03:28 AM

Thanks.

Is there any other solution can u please suggest apart from VRRP? 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card