Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1465
Views
15
Helpful
4
Replies

edge firewall design

wael.vs
Level 1
Level 1

‎06-23-2019 05:29 AM - edited ‎06-23-2019 09:35 PM

Dear community

 

what is the best design for the edge firewall with high availability, there is only two firewalls and routers.

please check the following network diagram.

suggestions are welcome.

                                        A                                                                                     B

 1.png2.png

Labels:
0 Helpful
4 Replies 4

Deepak Kumar
VIP Alumni
VIP Alumni

‎06-23-2019 06:26 AM

Hi,

You had shared very less information with us. I have many questions for you before deciding on a design or start testing a design in the lab. 

1.  You have 2 routers. Is it connected with a Single Home or Multi-Homed Network?

2. Are those switches are in the Stack or vPC or VSS?

3. Firewalls will be in Active-Passive or active-active mode (HA)?

4. Is it flat Layer 2 network or Layer 3 network?

 

Waiting for that information?

 

Regards,

Deepak Kumar

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

wael.vs
Level 1
Level 1
In response to Deepak Kumar

‎06-23-2019 09:30 PM

1. two different ISPs one used as the primary network and the other only used when the first goes down.

2. the core switches are VSS, from the core switches upward we didn't decided yet.

3. Active-Passive routed mode.

what i'm wondering about is the possibility to use the cross connection design between the switches and the routers, because if on of the switches goes down we will also loss the connectivity to the active router.

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to wael.vs

‎06-23-2019 10:39 PM

Hi,

Yes, it is possible to design with cross connection but you may go with dynamic routing or FHRP or L3 EtherChannel (if switches are in VSS or Stack). 

 

My recommendations on the design as (Basic Layer 2 and Layer 3 Design):

 

1. Configure HSRP between both routers and assign a high priority to the primary ISP. 

2. Switches (Between Firewall and Router: WAN switches) keep in the Stack and configure Layer 3 EtherChannel between Router and WAN switches. *You must configure a VLAN on the Switch and assign IP to VLAN only.

3. Configure Cross chassis EtherChannel between firewall and WAN switches. 

4. Also, configure Cross chassis EtherChannel between Firewall and Core switches.

 

Tell me if you have any confusion or need any help.

 

Regards,

Deepak Kumar

 

 

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card