Firewall Integration
05-11-2016 04:53 AM - edited 03-12-2019 06:09 PM
Hi,
I need some design assistance for a data center firewall build. The customer has 4 firewalls as listed below, which I need to combine into 2 ASA 5585-SSP-20 (1 pair for External, 1 pair for Internal). What are the things I need to consider for the design?
- 3 external-facing FWs (Internet+Anyconnect+Site to Site VPN FW, Offload internet for remote sites FW, EDI FW)
- 1 Internal (PCI involved)
Thanks and Regards,
Sankar

05-11-2016 06:14 AM
Hi,
It depends mostly on the amount of traffic you must be passing through the ASAs.
What is the load, and what type of traffic is it?
You can configure ASA clustering on the external FWs, which would help you load-balance the traffic.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html
Regards,
Aditya
Please rate helpful posts and mark correct answers.
05-13-2016 11:24 AM
Hi Aditya,
That did not answer my question. My intention is not only load-balancing; I also need to design the network based on compliance. As said above, in my new requirement I have 1 pair of ASAs available for external (perimeter) traffic like Internet+Anyconnect+Site to Site VPN FW and Offload internet for remote sites, and another pair is available to accommodate internal traffic like the PCI and EDI segments. Most of the remote offices are connected through a DMVPN tunnel as a secondary path for corporate internet.
Remote locations Types:
Type1 = Internet+MPLS
Type2 = Internet only
Type3 = MPLS only
In the above scenario, all corporate traffic should come through MPLS and internet should come through DMVPN; only in Type1, if MPLS is down, corporate and internet traffic come through the DMVPN tunnel. In this topology, which is the best way to place the firewall to pass the traffic through?
