Traffic Flow on active/standby FWSM

frank · ‎02-11-2008

Can someone explain the traffic on a dual 6509 active/standby FWSM scenario?

We have two 6509 with FWSM installed in two different buildings and FWSM are running active/standby failover.

If the internal traffic reaches the 6509 with standby FWSM installed, would standby FWSM only forward the states to active FWSM for validation and then passing the traffic after the validation from this 6509 or standby FWSM will forward complete traffic to active 6509?

We only have failover and standby links between these two 6509, if the standby FWSM will forward complete traffic to activate 6509/FWSM, do we need another trunk link between the 6509s?

jim · ‎02-11-2008

I have my 6513's configured the same way. From what I see the traffic is routed to the ACTIVE HSRP vlan interface. When an HSRP interface goes down the firewall context for that interface fails with it.

frank · ‎02-11-2008

Thanks for the reply.

We don't have HSRP configured as these two 6509 are doing BGP with WAN routers and access level LAN layer 3 switches.

We have BGP peering for the 6509 that with standby FWSM installed, in this case the access level traffic will come to either of the 6509s, not sure how the traffic will flow if the access level reach the standby 6509/FWSM.