Junos OS

Expand all | Collapse all

Best way to cable VC to HA firewalls for redundancy?

  • 1.  Best way to cable VC to HA firewalls for redundancy?

    Posted 27 days ago
    I have a lab environment (learning Junos) and I'm looking for the best way to cable my virtual chassis switches to a pair of HA firewalls?

    I have two EX2200-C in a VCF and two Fortigate 61E Firewalls in a HA. How can I cable these bad boys up so if one device dies is doesn't bring the whole network down?

    Here is a rather poor drawing of what is I was thinking would work (I am no Picasso).


  • 2.  RE: Best way to cable VC to HA firewalls for redundancy?

    Posted 26 days ago
    Hi fins, welcome to the wonderful Juniper world :)

    That cabling should work depending on how things are configured from a firewall zones perspective, how it handles the passive FW, etc.


    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 3.  RE: Best way to cable VC to HA firewalls for redundancy?

     
    Posted 26 days ago
    The cabling will depend on how the firewall side interfaces are used and what the firewall failover process is.  

    Your example is appropriate if this is a active/passive firewall pair
    And the two interfaces on each firewall are a single interface bundle with tags for the multiple zones

    But if the two interfaces are each untagged and single zone the setup will take down one side of your firewall if a single switch fails.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------