Solved: Firewall at L3 can be

Kevin · ‎03-18-2014

Hi Guys,

Lets say i have two routers to be put in redundancy mode, can i use firewall as layer 2 switch link for HSRP link?

Mike Williams · ‎03-19-2014

You are correct, you will need a switch between the two routers and the firewall as all three devices need to share the same layer 2 VLAN. You only need a layer 2 switch. Regards, Mike

View solution in original post

Mike Williams · ‎03-18-2014

Yes, if you are using a firewall with an integrated switch, such as an ASA 5505. If it only has routed ports, such as any other ASA model, then the answer is no. In any event, it's not recommended. A firewall is meant as a security device, not as a switch. Regards, Mike

Kevin · ‎03-19-2014

Hi Mike,

Can i just use layer 2 switch in between router and firewall to enable the HSRP?

Or it must be layer 3?

Thanks.

rkbala3560 · ‎03-19-2014

Firewall at L3 can be connected to two switches for HSRP. gateway for firewall should be pointing to the virtual ip configured for HSRP...

Kevin · ‎03-19-2014

How about connection from:

Router (HSRP) --- Switch --- Firewall ?

In order for router to have HSRP i need to have a switch right?

Mike Williams · ‎03-19-2014

You are correct, you will need a switch between the two routers and the firewall as all three devices need to share the same layer 2 VLAN. You only need a layer 2 switch. Regards, Mike

Kevin · ‎03-19-2014

Thanks mike and bala for your advices.

vtodorovv · ‎09-17-2015

Will any l2 switch between the router and the firewall work ?

I have a spare 5port 1gbit switch but is not cicso brand. Can i use it to connect the hsrp routers and the asa firewall ?

Thanks

Mike Williams · ‎09-17-2015

As long as you aren't doing VLAN tagging, any switch will do. You just need to be able to bridge layer 2 ethernet.

Regards,

Mike

vtodorovv · ‎09-17-2015

Hi Mike,

thanks alot for the quick reply.

And should i have any concerns regarding bottleneck using the cheap netgear GS105E ?

Using Firewall ethernet ports as HSRP