11-29-2007 11:08 PM - edited 02-21-2020 01:48 AM
Hi,
I have 2 pairs of pri/sec firewalls placed at remote locations. Each pair is working in a failover mode, that is, SITE-1-FW1 is being synchronized with SITE-1-FW2, and the same is the case with the SITE-2 firewalls.
Now, I am planning to upgrade the SITE-2 firewalls, and for that I need to make sure that both pairs (on SITE-1 and SITE-2) have an up-to-date config, so that I will route my traffic to SITE-1, will upgrade the firewalls on SITE-2, and then will do the same for SITE-1. My question is, how can I automate this synchronization process on firewalls placed at remote locations?
on 09-11-2008 12:09 AM
Help needed
on 09-11-2008 03:40 AM
Can you be more specific on your requirements?
on 09-11-2008 06:27 PM
Is it possible to update the ACLs of the site-1 FW pair on the site-2 FW pair automatically? I mean, whenever someone adds/edits an ACL on the site-1-FW pair, the site-2-FW pair may automatically get updated?
on 09-11-2008 11:00 PM
In a word - no. The LAN failover synchronisation is between 2 firewalls in either active/standby or active/active, locally.
I would find it very strange to find any network where the same IP addresses were being used in 2 separate locations.
Anyway - what you are asking cannot be done.
HTH
on 09-13-2008 05:10 AM
The same IP address scheme was advised by the Cisco advanced services team, and so far we are good with this without any problem, except this.
What about Cisco Security Manager? I heard that using CSM, the same security policy can be implemented across multiple security devices at regular intervals, however I am still not sure if that is true...
on 09-13-2008 05:18 AM
Are you running the sites as active/active - if you are, how are you getting around the asymmetric routing issues?
I do not know anything about the CSM - perhaps you should post a question in the MARS section.
on 09-14-2008 02:18 AM
Yes Mohsin, there are two ways to do it, either manually or by using a configuration management tool like Cisco CSM. You can definitely make a 'Policy' in CSM and push it to multiple devices.
Regards
Farrukh