11-29-2007 11:08 PM - edited 02-21-2020 01:48 AM
Hi,
I have 2 pairs of pri/sec firewalls placed at remote locations. Each pair is working in a failover mode, that is, SITE-1-FW1 is being synchronized with SITE-1-FW2, and same is the case with SITE-2 firewalls.
Now, I am planning to upgrade SITE-2 firewalls, and for that I need to make sure that both pairs (on SITE-1 and SITE-2) should have up-to-date config. So that I will route my traffic to SITE-1, will upgrade firewalls on SITE-2, and then will do the same for SITE-1. My question is, how can I automate this synchronization process, on firewalls placed at remote locations?
09-11-2008 12:09 AM
Help needed
09-11-2008 03:40 AM
Can you be more specific on your requirements?
09-11-2008 06:27 PM
Is it possible to update the ACLs of site-1 FW pair, on the site-2 FW pair automatically? I mean whenever someone adds/edits an ACL on site-1-FW pair, site-2-FW pair may automatically get updated?
09-11-2008 11:00 PM
In a word - no. The LAN failover synchronisation is between 2 firewalls in either active/standby or active/active, locally.
I would find it very strange to find any network where the same IP addresses were being used in 2 separate locations.
Anyway - what you are asking cannot be done.
HTH
09-13-2008 05:10 AM
Same IP address scheme was advised by Cisco advanced services team, and so far we are good with this without any problem, except this.
What about Cisco Security Manager? I heard using CSM, same security policy can be implemented across multiple security devices on regular intervals, however I am still not sure if that is true...
09-13-2008 05:18 AM
Are you running the sites as active/active - if you are, how are you getting around the asymmetric routing issues?
I do not know anything about the CSM - perhaps you should post a question in the MARS section.
09-14-2008 02:18 AM
Yes Mohsin, there are two ways to do it, either manually or by using a configuration management tool like Cisco CSM. You can definitely make a 'Policy' in CSM and push it to multiple devices.
Regards
Farrukh