08-23-2005 01:33 AM - edited 03-09-2019 12:13 PM
Hi Guys,
Let's say I do not intend to use FO (Failover), and I would like to implement 2 FWs as below:
1. Is it possible to do this kind of configuration?
2. Would there be any NAT conflict?
3. Can anyone give me ideas on how to make this setup work?
4. Does the switch need to do equal-cost load sharing?
5. Both FWs will be used for remote access VPN. Is this possible?
                  | 202.1.1.1/30
                Router
                  | 200.2.2.1/29
                  |
                  |
              L2 Switch
                /   \
               /     \
200.2.2.2/29  /       \  200.2.2.3/29
            FW1       FW2
10.1.1.1/24   \       /  10.1.1.2/24
               \     /
                \   /  10.1.1.3/24
              L3 Switch
                  |
                  |
PC default gateway pointing to 10.1.1.3 (switch)
Thanks.
08-23-2005 01:43 AM
Sorry, the diagram isn't that clear.
FW1 and FW2 are located side by side.
08-23-2005 04:48 PM
Hi There,
There are a number of things to take into account when designing a network with this scenario.
1. How do you decide which firewall to use as a default? The only way to have the PIXes look like a single unit is to run FailOver.
2. Similar questions with regard to the return traffic.
3. If you have both active, and one fails, all current connections will time out when it moves to the redundant firewall.
You have to be careful with this sort of thing - most of your redundancy will be at layer 3 only.
Hope that helps,
-colin.
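An added illustration of the return-traffic and failure points in the reply above, not part of the original thread: a simplified Python model of two independent stateful firewalls. It assumes each firewall translates inside hosts to its own outside address (200.2.2.2 and 200.2.2.3 from the diagram); the PC address, server address, port numbers and the `Firewall` class are constructed for the example.

```python
# Constructed model: two independent stateful firewalls, no failover pairing.
PC, SERVER = ("10.1.1.50", 40000), "198.51.100.10"   # constructed sample values

class Firewall:
    def __init__(self, outside_ip):
        self.outside_ip, self.up = outside_ip, True
        self.conns = {}            # (src, sport, dst) -> (mapped_ip, mapped_port)
        self.next_port = 1024

    def outbound(self, src, sport, dst, syn):
        """Inside-to-outside packet. Returns the translated source, or None if dropped."""
        key = (src, sport, dst)
        if not self.up:
            return None
        if key not in self.conns:
            if not syn:            # mid-stream packet with no state on this unit
                return None
            self.conns[key] = (self.outside_ip, self.next_port)
            self.next_port += 1
        return self.conns[key]

    def inbound(self, src, dst_ip, dst_port):
        """Return packet. Forwarded inside only if this unit holds the state."""
        if self.up:
            for (host, sport, dst), mapped in self.conns.items():
                if mapped == (dst_ip, dst_port) and dst == src:
                    return (host, sport)
        return None

def simulate():
    fw1, fw2 = Firewall("200.2.2.2"), Firewall("200.2.2.3")
    owner = {fw.outside_ip: fw for fw in (fw1, fw2)}   # router delivers by destination IP
    r = {}
    # 1. PC opens a connection through FW1; the reply targets FW1's address.
    ip, port = fw1.outbound(*PC, SERVER, syn=True)
    r["symmetric"] = owner[ip].inbound(SERVER, ip, port)
    # 2. The same reply handed to FW2 instead (asymmetric return path).
    r["asymmetric"] = fw2.inbound(SERVER, ip, port)
    # 3. FW1 fails and the L3 switch reroutes the established flow via FW2.
    fw1.up = False
    r["rerouted_established"] = fw2.outbound(*PC, SERVER, syn=False)
    # 4. The PC reconnects through FW2 and appears from a different address.
    r["new_connection"] = fw2.outbound(*PC, SERVER, syn=True)
    return r

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name:22} -> {outcome}")
```

A `None` outcome means the packet was dropped because the firewall that received it held no state for the connection.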