Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
973
Views
3
Helpful
3
Replies

Cisco WSA Redundancy

Go to solution
Mandeep singh5
Level 1
Level 1

‎07-03-2023 11:03 PM

Hello Community,

I'm stuck in a scenario where I need help from Cisco expert guys.

I'm in an implementation project where I need to deploy Cisco WSA S695. We've already recommended 2 WSA in HA mode in DC for redundancy purposes.

The client wants interface redundancy as well means for internal traffic there will be 2 core switches in HA and the client wants that we will connect one P1 interface with an active core switch and if it goes down then there will be a redundant P1 interface connected with passive core switch.

A client wants the same scenario for P2 interfaces as well.

Let me know if it is possible or not, If yes then please explain.

Thank you in advance!!

@WSA 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amojarra
Cisco Employee
Cisco Employee

‎07-12-2023 03:57 AM

Hi @Mandeep singh5 

We have NIC teaming/ NIC Paring in WSA : 

NIC pairing allows you to combine any two physical data ports to provide a backup Ethernet interface if the data path from the NIC to the upstream Ethernet port should fail. Basically, pairing configures the Ethernet interfaces so that there is a primary interface and a backup interface. If the primary interface fails (for example, if the carrier between the NIC and the upstream node is disrupted), the backup interface becomes active and an alert is sent. When the primary interface become available, this interface automatically becomes active. Within the documentation for this product, NIC pairing is synonymous with NIC teaming.

 

WSA does not support packet capture for the NIC paired interfaces. The packet capture will be applied only for the active interface

 

The Link Ken shared has the steps to configure it. 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

View solution in original post

3 Replies 3

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee

‎07-05-2023 06:15 AM

Hello,

WSA only supports High Availability configuration on the internal data interfaces. I'm not aware and as far as I know it's not possible to have the same configuration for the external, P2 Data interfaces. Keep in mind that the WSAs in a HA pair do not exchange connection information. So in case the active WSA fails, the client will be redirected to the secondary and will have to re-establish traffic.

Hope the helps.

Konstantinos

 

0 Helpful

Go to solution
Ken Stieers
VIP
VIP

‎07-05-2023 07:01 AM

WSA does support pairing interfaces.  Its an active/passive failover. 

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa-14-5/user-guide/wsa-userguide-14-5/b_WSA_UserGuide_11_7_chapter_01.html#con_1283092

(scroll up from where that lands you)

 

Go to solution
amojarra
Cisco Employee
Cisco Employee

‎07-12-2023 03:57 AM

Hi @Mandeep singh5 

We have NIC teaming/ NIC Paring in WSA : 

NIC pairing allows you to combine any two physical data ports to provide a backup Ethernet interface if the data path from the NIC to the upstream Ethernet port should fail. Basically, pairing configures the Ethernet interfaces so that there is a primary interface and a backup interface. If the primary interface fails (for example, if the carrier between the NIC and the upstream node is disrupted), the backup interface becomes active and an alert is sent. When the primary interface become available, this interface automatically becomes active. Within the documentation for this product, NIC pairing is synonymous with NIC teaming.

 

WSA does not support packet capture for the NIC paired interfaces. The packet capture will be applied only for the active interface

 

The Link Ken shared has the steps to configure it. 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Related community topics
Top