Dear community,
I have a physical cabling question, not sure whether to put it under security or under switching...
In our co-location, we have a redundant internet uplink from the ISP. At the moment those uplinks are connected to our switch-stack and one port is in alternate blocked state (via STP). We will install two ASA 5515-X in active/standby failover mode in a couple of weeks.
Is it a good idea to connect the internet uplink cables physically to the two ASAs? That would save some switchports and eliminate the possibility of configuring a switchport into the outside VLAN by accident. (One context of the ASAs works as transparent FW.) In my opinion, if one uplink switch goes down, the ASA would make a failover within seconds and so it should be the same redundancy as we have with STP.
Or does it make more sense to keep it like it is right now: Both uplinks directly connected to different switches of our stack and the ASA's outside interface also connected to two switches?
Any ideas or suggestions?
Thanks in advance!
Best regards,
Alex