06-18-2020 09:38 AM
Hey all,
I currently have a SonicWall TZ600 in place but am looking to switch it out for a Cisco 1120 firewall running in HA. I have gone through and configured the Cisco firewall, but before I roll it out to our production network, I want to test it on a lab network. In my search to understand the best setup, I keep hitting roadblocks, specifically around how I will set my default gateway to point to the test network and keep our production network up. In a diagram I have looked at, it shows dual routers set up, one on the Cisco firewall and one on the SonicWall firewall. The Cisco firewall will be outside the production network but will be configured with a VLAN that is on a different subnet and will route traffic back to the production firewall. I want to know if that is the best way to go about it and whether I may run into a lot of cons that way. Also, if anyone has suggestions, please let me know.
06-18-2020 10:24 AM
You need to connect the new NGFW in parallel to the existing firewall, with different IP addresses inside and outside (or, as they are now called in an NGFW, zones).
Configure the same access policy as on the SonicWall in the NGFW.
Take a test VLAN or device to test on the new FW, move its gateway from the SonicWall to the inside zone of the NGFW, and make sure it works as expected.
Two-phase rollout with the same plan:
Move other users slowly to the NGFW and remove the SonicWall.
If you would like to retain the same IP gateway and a lot of tasks are involved in changing the gateway: in the maintenance window, shut down the SonicWall, move the IP address to the NGFW and test it. If there is any issue you can easily roll back to the SonicWall, replacing the NGFW.
06-18-2020 10:41 AM
Hey Balaji,
Thank you for posting some information on my question. It almost sounds like I need to set up a DMZ zone on both firewalls, linking the VLAN that has the gateway on it into this zone? You also mentioned at the end that I could have some downtime to test the connection and, if all else fails, quickly roll it back. This is what I was going to do initially: take a weekend without the test network, just with scheduled downtime, setting up the Cisco firewall to match the current IPs and configuration on the SonicWall. Once I have tested things for a couple of hours, just roll it out, and if I notice any issues that come up, such as with our VoIP phones, I will resolve them as they come.
06-18-2020 11:40 AM
If you have a voice network inside, make sure you disable SIP inspection on the NGFW (if not, you will see some odd voice issues).
Yes, if the business allows the downtime, I would do the steps you mentioned. But some places hardly ever get downtime, so the best approach is to build greenfield, test, and move.
Let us know of any issues.
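An added illustration, not from this thread, of the SIP inspection change recommended above. It assumes the 1120 runs ASA software with the default global service policy (on FTD managed through FDM or FMC the same setting is changed in the policy UI instead):

```cisco
! Default ASA global policy: SIP is inspected on the inspection_default
! class, so the firewall rewrites SIP headers and opens dynamic pinholes
! for the media streams it negotiates. With an internal VoIP deployment
! this is the setting the reply above associates with odd voice issues.
policy-map global_policy
 class inspection_default
  inspect sip

! Corrected: remove SIP inspection from the global policy. The firewall
! no longer opens pinholes from the SIP negotiation, so the access policy
! must explicitly permit the signalling and RTP media ports the phone
! system uses between the voice VLAN and the PBX.
policy-map global_policy
 class inspection_default
  no inspect sip

! Verify afterwards: sip should no longer be listed among the inspects
! shown for class inspection_default.
show service-policy
```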
06-18-2020 12:13 PM
Thank you so much for the advice!