Typical Cisco Multi-layered failover firewalling design & connections

wcywong
Level 1

Hi

I am new to designing multi-layered firewalls with failover. There are a couple of questions and pointers needed.

1. Where can I get more information on typical designs, or a guide, for multi-layered firewalls with failover using Cisco PIX?

2. How will the network connection be at the DMZ using switches, in both scenarios of having redundant and non-redundant connections on these connecting switches?

3. How will the network connection be at the internal network using switches, in both scenarios of having redundant and non-redundant connections on these connecting switches?

Thanks in advance.

1 Reply

ehirsel
Level 6

So that I can better understand what you want to achieve, I need to make sure I understand what you want. When you say multi-layer, I take it to mean using multi-layer switches, à la layer 3 switching, such as the Cisco Cat 4500 or Cat 6000 series switches using MSFC or NFFC modules to perform routing. Am I correct on that point?

When you say connecting switches, do you mean switches that may or may not be multi-layered, that is, separate Cat switches such as the Cat 2950 or Cat 3550 that are connected to the multi-layer switch? Am I correct on this point too?

And I assume that the firewall will be a separate device, as you mentioned PIX but not the FWSM. They both use the same firewall technology but accomplish it in different ways, and I want to make sure that your firewall is not an integrated Cat 6000 module.

Lastly, the PIX is not a multi-layer device, as it does not do layer 2 switching, even though it can process IEEE 802.1Q tagged packets for VLAN processing. It only operates at layer 3 and only for the IP protocol, and does not send BPDU frames.