Solved: Re: Cisco WSA Redundancy

Mandeep singh5 · ‎07-03-2023

Hello Community,

I'm stuck in a scenario where I need help from Cisco expert guys.

I'm in an implementation project where I need to deploy Cisco WSA S695. We've already recommended 2 WSA in HA mode in DC for redundancy purposes.

The client wants interface redundancy as well means for internal traffic there will be 2 core switches in HA and the client wants that we will connect one P1 interface with an active core switch and if it goes down then there will be a redundant P1 interface connected with passive core switch.

A client wants the same scenario for P2 interfaces as well.

Let me know if it is possible or not, If yes then please explain.

Thank you in advance!!

@WSA

amojarra · ‎07-12-2023

Hi @Mandeep singh5

We have NIC teaming/ NIC Paring in WSA :

NIC pairing allows you to combine any two physical data ports to provide a backup Ethernet interface if the data path from the NIC to the upstream Ethernet port should fail. Basically, pairing configures the Ethernet interfaces so that there is a primary interface and a backup interface. If the primary interface fails (for example, if the carrier between the NIC and the upstream node is disrupted), the backup interface becomes active and an alert is sent. When the primary interface become available, this interface automatically becomes active. Within the documentation for this product, NIC pairing is synonymous with NIC teaming.

WSA does not support packet capture for the NIC paired interfaces. The packet capture will be applied only for the active interface

The Link Ken shared has the steps to configure it.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++ If you find this answer helpful, please rate it as such ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

View solution in original post

Konstantinos9 · ‎07-05-2023

Hello,

WSA only supports High Availability configuration on the internal data interfaces. I'm not aware and as far as I know it's not possible to have the same configuration for the external, P2 Data interfaces. Keep in mind that the WSAs in a HA pair do not exchange connection information. So in case the active WSA fails, the client will be redirected to the secondary and will have to re-establish traffic.

Hope the helps.

Konstantinos

Ken Stieers · ‎07-05-2023

WSA does support pairing interfaces. Its an active/passive failover.

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa-14-5/user-guide/wsa-userguide-14-5/b_WSA_UserGuide_11_7_chapter_01.html#con_1283092

(scroll up from where that lands you)

amojarra · ‎07-12-2023

Hi @Mandeep singh5

We have NIC teaming/ NIC Paring in WSA :

NIC pairing allows you to combine any two physical data ports to provide a backup Ethernet interface if the data path from the NIC to the upstream Ethernet port should fail. Basically, pairing configures the Ethernet interfaces so that there is a primary interface and a backup interface. If the primary interface fails (for example, if the carrier between the NIC and the upstream node is disrupted), the backup interface becomes active and an alert is sent. When the primary interface become available, this interface automatically becomes active. Within the documentation for this product, NIC pairing is synonymous with NIC teaming.

WSA does not support packet capture for the NIC paired interfaces. The packet capture will be applied only for the active interface

The Link Ken shared has the steps to configure it.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++ If you find this answer helpful, please rate it as such ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++