how to configure routing for 2 pix 515e failover pairs stacked

Unanswered Question
Jun 4th, 2007

Anyone have suggestions on how i would engineer an architecture where i will have 2 failover pais? They will be PIX 515E's. The top firewalls will be hosting our DMZs and the outside internet of course,. and the bottom pair will be servicing our trusted and restricted segments. The outside interfaces of the bottom firewalls will link directly to the inside interfaces of the top firewalls. However i am thinking that if the bottom or top fails over,.. how will it have to be designed so that the failover pix will communicate with the other primary firewall? I have it designed such that i have an interface on the bottom primary to the top secondary and vice versa. each interface is in a different network of course,.. but how will i do the routing? Since i can only point a default route to 1 IP address. I plan on using stateful failover cables for both UR and FO firewall pairs,.. but any suggestions on how to set up the routing so that the top or bottom of the "sandwich" can still talk to the other half once a failover on the top or bottom occurs? I have a visio attached if i have confused anyone which only includes the pertinent parts relating to my question.. Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion