connect two group redundancy firewall

hungvu.bk37 · ‎05-24-2022

Hi Alls,

I have a question when I try to connect 2 group of redundancy Firewall as picture below. I never try before. Is it possible to connect like picture and what I need to configure in both side?

Thanks in advance, and have a very nice day!

UdupiKrishna · ‎05-24-2022

If this is a like a perimeter firewall pair and LAN/data centre pair sure, but i would recommend getting some switches in between and do not connect them directly.

While a number of potential problems/limitations can be pointed out with connecting them directly, if FW1 or FW2 active and standby interfaces are to be monitored, they would start exchanging heat beat packets. If those interfaces are directly connected to other firewall's interface there's a potential loss of such packets causing failover issues.

hungvu.bk37 · ‎05-24-2022

Hi @UdupiKrishna,

Thank for your reply.

Can I asking exactly how many switch we need to add between them? and Do you have any topic and document related to "heat beat packets"?

Have a nice day.

UdupiKrishna · ‎05-24-2022

Logically two switches so that there's always connectivity should one of them fail. A trunk link between the switches

Here's a document - https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/failover.html (refer section unit health monitoring)

hungvu.bk37 · ‎05-24-2022

hi @UdupiKrishna, thank for your support