Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
3
Helpful
4
Replies

Firewalls - Management

Mikey John
Level 1
Level 1

‎07-08-2013 07:32 AM - edited ‎03-11-2019 07:08 PM

Hi,

I have two Palo Alto firewalls connected to 2 x 4900M switches. I have assigned a /29 subnet (Vlan 100) for FW handoff and assigned IPs from this range to these devices.

I need to connect the management ports of the FWs too onto the switches. Can I connect the Mngmt port of the firewall and assign IP from the same /29 subnet? Or else it should be from a different subnet?

Can anyone please point me to a simple design which talks about IP assignments and port connections for Firewalls? And maybe some link which talks about design aspects involving firewalls?

Iam sorry if I have reached the wrong forum, but would appreciate your help in pointing me to the right direction.

Thanks

Mikey

Labels:
0 Helpful
4 Replies 4

Mikey John
Level 1
Level 1

‎07-08-2013 08:07 AM

Appreciate if someone replies to this post.

Thanks

Mikey

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Mikey John

‎07-08-2013 08:17 AM

Hi,

Well this is mainly a Cisco forum so there isnt really any information here regarding Palo Alto firewalls unless someone happens to have used them or is still using them. And to be honest there is very little discussion here about other vendor products in general from what I have seen.

I have personally never used the firewalls in question so I cant really help you.

I would imagine that the Palo alto has some manuals/document that would provide information about setting them up in different scenarios? I can't really say as I have never dealt with Palo Alto products.

- Jouni

0 Helpful

Mikey John
Level 1
Level 1
In response to Jouni Forss

‎07-08-2013 08:20 AM

Hi Jouni,

Thanks for your reply. Iam just looking for the standard practices while connecting and managing Firewalls in general (be it Palo Alto or Cisco ASA), and in my case how best to assign management IPs to FWs.

If you could point me to the Cisco documentation on Firewall design, that would be helpful too.

Thanks

Mikey

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Mikey John

‎07-08-2013 08:51 AM

Hi,

Well when talking about Cisco ASAs I guess the main management setups would be to

  • Use existing Data interfaces for management. This is a pretty common setup with regards to the situations I see here on the forums.
  • Use the separate Management interface solely for managing the firewall and connect this interface to its own Vlan/VRF on the core network.
  • Use a management network separate from the actual data network and connect this network either to the Management interface or have a separate device to provide Console access to the firewall directly. This would be especially good in certain troubleshooting situations.

Majority of the firewalls I manage are part of a separate management network isolated from all other networks. We have a predefined address space used for all those management purposes and reserve small subnets whenever a new device is connected to the network.

With regards to the documents its hard to say. I have never really used any. I have mainly dicussed the options regarding our network with my more expirienced co-workers.

Looking around quickly with Google will probably provide the same results as I got

For example:

http://www.cisco.com/en/US/docs/solutions/SBA/August2012/Cisco_SBA_BN_FirewallAndIPSDeploymentGuide-Aug2012.pdf

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/IE_DG.html#wp42252

Hope this helps

- Jouni

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card