09-14-2015 09:49 AM - edited 03-08-2019 01:45 AM
Hi,
I have a need to add new Cisco ASA 5585-X SSP40 firewalls to the border of our enterprise networks.
Questions is, Will the Cisco ASA 5585-X SSP40 with perhaps 10k ACEs support the full IRT?
Thank you
Frank
09-14-2015 10:03 AM
Hi,
What is IRT?
If you mean Internet routing table, I would not bring almost 600k routes to a firewall. Firewalls are not design to handle this many routes, you want to bring the routes to a router. ASRs can usually handle that well.
HTH
09-14-2015 10:43 AM
Hi Reza,
Yes full IRT = Full Internet Routing Table.
Our network is a little complex and spans two different geographical locations 450 miles apart. To enable redundancy between the two separate domains, we need to somehow join the two DMZ domain stateful standalone firewalls to provide failover for each other. Clustering is one option but little hesitate to pursue this option due to the connectivity issues with distance. Active/standby is another option but raises political issues.
Thanks
Frank
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide