Solved: Re: Cisco FPR-2110 Trunk port and allow routing via firewall - Page 3

inhamit · ‎04-19-2023

Hi, Can we configure the trunk port on Cisco FPR-2110 to communicate with Cisco 9300 series switches? I want to use Cisco FPR-2110 to allow routing between vlans after trunk port configuration.

MHM Cisco World · ‎04-21-2023

Hi, I got confused with this point "FW internet must connect to one Core SW not to both since the Core SW not run VSS nor vPC".
you Use FW(internet) HA, so I say perfect
I say FW must connect to one Core according to @Aref Alsouqi topology you can make second review you use one FW and connect it to both Core (which not run any stack), we could not connect one FW to two standalone SW, so I mention if you need to use two link use redundancy (one link active and other passive).

hope this clear to you

inhamit · ‎07-11-2023

@MHM Cisco World @Aref Alsouqi @Rob Ingram

Please suggest what port I should configure at Internet firewall side to route the traffic from Internal firewall?

Aref Alsouqi · ‎04-21-2023

If you have two ISP firewalls then I think the above design is valid. A single link (or port channel if you want to increase bandwidth) from each of the ISP firewalls to each core switch will do the job.

Aref Alsouqi · ‎04-21-2023

I think you could get away with those individual connections from a single firewall to multiple switches via grouping the interfaces of the firewall into a single logical interface using the IRB feature in routed mode.

inhamit · ‎04-23-2023

Quick Question here, Do we have any other option to allow the routing (between few vlans or IP address it should work and between few it restrict) on the same port between different vlan apart from router on stick option on the firewall side. Means, traffic from core switch enter to firewall on the same port and route back on the same port on different vlan as per the defined route .