Configuration Synchronization with Remote firewall



I have 2 pairs of pri/sec firewalls placed at remote locations. Each pair is working in a failover mode, that is, SITE-1-FW1 is being synchronized with SITE-1-FW2, and the same is the case with SITE-2 firewalls.

Now, I am planning to upgrade SITE-2 firewalls, and for that I need to make sure that both pairs (on SITE-1 and SITE-2) have up-to-date config, so that I will route my traffic to SITE-1, will upgrade firewalls on SITE-2, and then will do the same for SITE-1. My question is, how can I automate this synchronization process on firewalls placed at remote locations?


In a word - no. The LAN failover synchronisation is between 2 firewalls in either active/standby or active/active, locally.

I would find it very strange to find any network where the same IP addresses were being used in 2 separate locations.

Anyway - what you are asking cannot be done.


The same IP address scheme was advised by the Cisco advanced services team, and so far we are good with this without any problem, except this.

What about Cisco Security Manager? I heard that using CSM, the same security policy can be implemented across multiple security devices at regular intervals, however I am still not sure if that is true...

Farrukh Haroon Sun, 09/14/2008 - 02:18

Yes Mohsin, there are two ways to do it, either manually or by using a configuration management tool like Cisco CSM. You can definitely make a 'Policy' in CSM and push it to multiple devices.



