synchronization of two ASA5550 with OS version 8.0.2 in transparent mode

Unanswered Question
Oct 10th, 2007


Our customer has two ASA5550-K9 and asks us to configure both firewalls in transparent mode. These firewalls are designed to protect traffic between outside and inside.

The 1st firewall's outside interface connects to the first router 3825. The firewall's interface connects to the first L3 switch.

The 2nd firewall's outside interface connects to the second router 3825. The firewall's interface connects to the second L3 switch. Both 3825 routers and both L3 switches are running OSPF.

All paired interfaces reside in different segments (in other words, they are all running as layer 3).

However, the requirement is for the firewalls' rules to be exactly the same. Is there any way to synchronize the firewall configuration for both firewalls by only configuring one machine?

The main objective is to ensure both configurations are exactly the same by configuring one machine only.

I understand that the failover command has the capability to do this. But in doing so, one of the firewalls must be in standby mode; however, both firewalls are required to be active to eliminate the failover time.

Any suggestion?



deward Thu, 10/11/2007 - 07:21

Along those same lines...

I would like to set up two ASA5540s in a remote access VPN load-balancing cluster (which means I can't use failover). I want to be able to make changes on one ASA and have it replicate/sync to the other ASA.

Is that possible?


