Re: Routing VLANs through different Firewall

AhmadZ · ‎03-23-2023

Dear All,

I have VLANs configured on a Cisco core switch. Where the default gateway of this Coreswitch is Firewall 1. Lately, Firewall 2 was installed where I need one of the VLANs traffic to go outside Firewall 2.

Will the following configuration work?

interface Vlan10
ip address 172.16.10.1 255.255.255.0

interface Vlan20
ip address 172.16.20.1 255.255.255.0

interface Vlan30
ip address 172.16.30.1 255.255.255.0

interface Vlan100
ip address 172.16.100.1 255.255.255.0

ip route 172.16.10.0 255.255.255.0 172.16.10.14     (Goes through Firewall 1)
ip route 172.16.20.0 255.255.255.0 172.16.10.14     (Goes through Firewall 1)
ip route 172.16.30.0 255.255.255.0 172.16.10.14     (Goes through Firewall 1)
ip route 172.16.100.0 255.255.255.0 172.16.100.2   (Goes through Firewall 2)

Thanks in advance!

MHM Cisco World · ‎03-23-2023

there is no issue, but if new VLAN want to talk to other VLAN, are FW2 have path to FW1 ?

AhmadZ · ‎03-23-2023

I have a subnet given by ISP, 1 public IP from the given IPs are configured each on FW. FW1 lan is connected to coreswitch through VLAN10 and FW2 is connected to coreswitch through VLAN 100

MHM Cisco World · ‎03-23-2023

you mention that the FW is default GW for host, so the inter-vlan is done in GW not in SW
if VLAN100 what to talk to other VLAN does FW2 have route to other VLAN and does FW1 have route to VLAN 100?