I have an edge router at my HQ site that is getting a default route via BGP.
This router is in turn distributing the default route into OSPF and advertising it to my HQ firewall.
The default route needs to be dynamic for our failover scenario to our DR site.
If we lose HQ internet, the higher AD default route to DR takes over.
We have a CSS device in between our HQ router and Firewall. The CSS is taking web requests and redirecting them to the Static NATs on the firewall.
That all works, with this exception: possibilities of asymmetric traffic flows due to the servers behind the firewall initiating traffic directly and not going through the CSS.
I need to have OSPF configured on the CSS and have it be the first hop from the Firewall.
So the firewall will route traffic to the CSS, then to the Edge router.
I have that set up in the lab and it works, but you can only set the CSS up as an AS-Boundary device to distribute a default route.
I also had to adjust the cost of the interfaces to make the CSS more desirable than going straight to the edge router.
I was wondering if it would be an issue from a design perspective to have the CSS as an AS-boundary device sitting between the Firewall and the edge router in the OSPF area; all devices are in area 0.