Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
3
Replies

Distance Between Two Firewalls in Cluster

manuadoor
Level 1
Level 1

‎07-16-2010 05:50 AM - edited ‎03-11-2019 11:12 AM

Hi All,

What is the recomended distance between two firewalls in Cluster, if it supports Failover thru wan, what is the recommended Latency? Will it support routed environment ?

Regards,

Manu B.

Labels:
0 Helpful
3 Replies 3

Kevin Redmon
Cisco Employee
Cisco Employee

‎07-16-2010 06:03 AM

Manu,

The two firewalls must be Layer-2 adjacent in order for the failover to work correctly.  This could be geographically close or far away.  If the latency is "too great" between the two firewalls, you can adjust the failover polltime interval and the holdtime to adjust and prevent/mitigate inadvertent failover.

If this helps, please be sure to mark this thread as "answered".

Best Regards,

Kevin

0 Helpful

manuadoor
Level 1
Level 1
In response to Kevin Redmon

‎07-16-2010 06:40 AM

Hi,

So that means, the link should be a swiched network?? Can't have an MPLS or Leased line (which is L3) for failover link?

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to manuadoor

‎07-16-2010 06:46 AM

Theoretically you could use MPLS ATOM for example so that the ASAs will be L2 adjacent. Interfaces on the 2 clusters should be L2 adjacent and they should be "seeing" the same traffic. So if one fails the other one will be able to take over.

I don't understand how you would have 2 ASAs in 2 different locations and they will be routing the same traffic though.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card