Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
406
Views
0
Helpful
5
Replies
Bekzod Fakhriddinov
Enthusiast
Enthusiast
‎09-27-2021 01:43 PM
‎09-27-2021 01:43 PM

2 firewalls HA connect to 2 Internet circuits for redundancy trough sw

Hi,

I was asked to implement this: 2 firewalls HA connect to 2 Internet circuits for redundancy trough switch either catalyst or small business switch SG- 500/300/250. I dont like this not-standard setup and  I'd connect firewalls directly to the ISP modem/router BUT ISP modems have only 1 port each , so to make redundancy between HA firewalls we have to use switch... 

Firewalls will have ipsec vpn to other 6 sites and ssl vpn for remote users. 

I am not sure if the switch cpu and memory capable to process traffic, switch will have to tag and untag vlanid for that traffic for both circuits and I think this can overload cpu/memory on the switch and cause drops. Am i wrong? 

What experts think about this? 

0 Helpful
5 REPLIES 5
balaji.bandi
VIP Guru VIP Guru
VIP Guru
‎09-27-2021 03:12 PM
‎09-27-2021 03:12 PM

You can connect 2 Different VLAN in the switch, and FW you use different ISP config with respected IP config.

 

best is use Port-channel with sub-interface tagging with VLAN

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Georg Pauwen
VIP Master VIP Master
VIP Master
‎09-27-2021 04:17 PM
‎09-27-2021 04:17 PM