07-31-2023 06:54 PM
Hi,
We have a Tier 2 network design and I am having trouble figuring out the connection between the CORE SW and Firewall.
Core_sw is using GLBP
FWPRiMARY-Active
FW_HA-Backup
Is it possible to implement this design, and what do I need to consider and configure?
07-31-2023 07:56 PM - edited 07-31-2023 07:57 PM
People use GLBP due to the load-balancing capability. If your firewall is active/standby you cannot load balance. In this case, you can use HSRP or VRRP in case you have a problem with GLBP.
You need to consider if you are going to use layer3 point to point between Core and firewall or layer2.
If layer3 with static routing or dynamic.
If dynamic, which protocol.
07-31-2023 08:28 PM
Hi,
I will be using HSRP now and static routing. How about my connection from Layer 3 to the firewall? I know that the firewall and HA use the same configuration, so the IP addressing on my primary core and backup will be the same going to the firewalls. Will this create a conflict, or is there any suggestion you might share?
Thanks!
07-31-2023 08:48 PM - edited 07-31-2023 08:51 PM
The firewall will probably offer you a VIP, right? Just like you do with HSRP.
The Primary core will have a default route to this VIP, right?
As you are going to use a static/default route from the core to the firewall, what you can do is add two static routes on core 2.
Core 1:
ip route 0.0.0.0 0.0.0.0 <fw vip>
On core 2:
ip route 0.0.0.0 0.0.0.0 <core 1>
ip route 0.0.0.0 0.0.0.0 <fw vip> <administrative distance>
This way, if core 1 crashes, core 2 will remove the route to core 1 and use the second route, sending to the firewall.
If core 2 drops, nothing happens, as core 1 is the primary.
Just make core 1 active HSRP for all vlans.
07-31-2023 10:00 PM - edited 07-31-2023 10:00 PM
Then how about my addressing from core to firewall? I will be using the same address; will this be an issue or is it OK?
08-01-2023 03:03 AM
Why same address? What do you mean?
Which firewall is it by the way?
08-01-2023 03:23 AM
I am really lost. This will be my topology.
The firewalls are synced, so they have the same configuration. Because of that I am confused: should I use the same address from L3 primary and then use it on L3_Backup?
08-01-2023 03:37 AM
Which firewall vendor and model is it?
08-01-2023 04:09 AM
Sonicwall.
08-01-2023 04:13 AM - edited 08-01-2023 04:14 AM
Do you have the model?
Depending on the firewall, you may need to change the topology. Maybe you need to use layer 2 between the cores and firewalls, and use interface vlan on the core side.
But I'd like to know which firewall model it is, how the vendor suggests building this kind of topology, and whether that is even possible for this vendor.
I have some experience with CheckPoint but not with Sonicwall. But they must have something documented.
08-01-2023 04:18 AM - edited 08-01-2023 04:23 AM
Tz670, you think the only option for me is to put layer 2 in between?
08-01-2023 04:24 AM - edited 08-01-2023 04:25 AM
Give me a second, let me take a look at this firewall first.
But, keep in mind that if the firewall is in HA, your logical topology looks like this one. The HA is like one device.
Your physical topology looks like this
08-01-2023 05:05 AM
Looking at the Sonicwall documentation, this is how they suggest connecting the firewall in an HA environment.
They mention this interface X0 as the entry/exit point to the LAN network, which would be the interface you would use to connect to the Cores. That being said, you are not going to cross-connect the firewalls, but you are going to have one uplink from each firewall to the Cores.
So, your physical topology would look like this
But I highly recommend you take a closer look at the Sonicwall documentation, because they mention Active/Active firewalls also.
08-01-2023 05:28 AM
Thank you, I will be considering that one too.
08-01-2023 04:51 AM - edited 08-01-2023 04:54 AM
Will this work?
FHRP going back to LAYER 3.
That's not GLBP, it's HSRP that I will be using.