01-09-2015 03:26 PM - edited 03-07-2019 10:10 PM
Greetings,
I was finally able to get a secondary ASA 5525X firewall into my collocation facility. I have a single uplink to the Internet (collocation port on patch panel) from Gi0/0 on my primary 5525X. I have a /26 block of IP addresses, so I can easily allocate another IP on the 2nd firewall, but the uplink is restricted to a single patch port.
I figure I can drop this patch panel link into my C3750X switch, split it out between the two 5525X firewalls, and then set up Active/Standby Failover.
Wondering what the best way is to configure the three ports on my C3750X (one for the connection to the uplinked patch panel, and two to the two firewalls). I am assuming I can simply place these three ports in their own VLAN and they should be good?
Am I missing anything?
Thanks in advance.
Kerry
01-09-2015 08:57 PM
Hi Kerry,
Your scenario should work fine.
You can connect the provider's patch to one of the ports on the 3750 and also connect the firewalls to 2 other ports on the 3750 and put all 3 ports in the same layer-2 VLAN (access-port). This will give you firewall redundancy but you still have a single point of failure on the link to your provider.
HTH
01-10-2015 02:18 PM
Just one addition to think about: If you only had one firewall and one internet-uplink before, then I assume that the internet-link was connected back-to-back and the 3750X is also your internal switch? Using the same device as inside and outside device is a bad security practice. In a worst case scenario this one switch can bridge around your firewall and remove this security control completely.
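The layout discussed in this thread, as an added Catalyst IOS configuration sketch that is not part of any poster's reply: three access ports in a dedicated outside VLAN, kept layer-2 only so the switch cannot forward around the firewalls. VLAN 900, its name, the interface numbers and the trunk port are assumptions chosen for illustration.

```cisco
! Assumed values (not from the thread): VLAN 900, ports Gi1/0/1-3, trunk Gi1/0/48
vlan 900
 name OUTSIDE-TRANSIT
!
! Port facing the colocation patch panel (provider uplink)
interface GigabitEthernet1/0/1
 description Colo patch panel uplink
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 no cdp enable
!
! Outside interface of the primary ASA (Gi0/0 in the thread)
interface GigabitEthernet1/0/2
 description ASA-primary outside
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 spanning-tree portfast
!
! Outside interface of the secondary ASA (assumed to use the same port as the primary)
interface GigabitEthernet1/0/3
 description ASA-secondary outside
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 spanning-tree portfast
!
! Both ASA ports sit in the same VLAN so the failover pair can reach each
! other on the outside segment and the standby can take over the active IP.
!
! Do not create "interface Vlan900": without an SVI the switch has no
! layer-3 presence on the outside segment and cannot route past the firewalls.
!
! Keep the outside VLAN off trunks that carry inside VLANs
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan remove 900
!
! Checks after applying:
!   show vlan id 900        (only the three ports above should be members)
!   show interfaces trunk   (VLAN 900 should not appear in any allowed list)
!   show ip interface brief (no Vlan900 interface should exist)
```

This reduces the exposure raised in the last reply but does not remove it: a single misconfigured port on a shared inside/outside switch still bypasses the firewalls, which a physically separate outside switch avoids.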