03-13-2007 11:47 AM - edited 03-11-2019 02:45 AM
Hi,
Please see the attached network diagram...
We are looking at a management firewall (admin context) with multiple client firewalls. The management firewall will have a number of management servers that will need to access servers on the client firewalls.
Is this a supported configuration for the FWSM?
At the moment there seem to be routing issues as pings can go from one server to the other but the ping reply is never seen.
Thanks,
Chris
03-14-2007 02:28 AM
Hi Chris
I'm not completely clear from the diagram on your setup but it is a bit early in the morning and I haven't had my 5 cups of coffee yet :-)
In answer to your question though, yes this is a supported design for the FWSM. You can achieve this in one of 2 ways:
1) Configure access on each of the client firewalls to allow the management servers access. This means updating access-lists on all contexts if you change or add management servers.
2) Have a shared VLAN that all the contexts can access. This works but you have to understand how the FWSM classifier works. On our FWSMs we share the outside VLAN but do not use any other shared VLANs. As I say though, you can do this.
The FWSM config guide has a good explanation of how the classifier works.
HTH
Jon
03-28-2007 06:24 AM
Looks like the problem was nat-control needed to be configured. This has now resolved all the problems.
04-16-2007 05:05 AM
Hi
You can share the same network between two virtual firewalls, but you have to configure nat-control to deal with it. But the simplest way to deal with this is to split vlan101 and vlan16 with a router; if you have a Sup720 you can use VRF, or you can use new hardware.
Best regards, Stefan (Sweden)