02-10-2009 06:05 AM - edited 03-11-2019 07:48 AM
FWSM in multi context mode and routed mode.
I'm coming from checkpoint world and there we have VRRP gateways we handout to clients/servers. Going through a config guide for FWSM I see the following.
My quiestion is which address will be handed out to the clients/servers
interface vlan 201
nameif inside
security-level 100
ip address 10.0.3.1 255.255.255.0 standby 10.0.3.2
02-10-2009 07:27 AM
It would be the address assigned to the primary firewall - in your example from above 10.0.3.1. If the primary firewall fails over to the standby the address moves to the standby as well.
Jon
02-10-2009 10:29 AM
Thanx!
02-11-2009 12:16 AM
one last question, I suppose if I'm setting up a static route I point it to the active firewall and if that goes down the adddress is moved to the standby?
Just have to make sure:-)
02-11-2009 02:24 AM
Just have to make sure:-) - nothing wrong with that :-)
Yes, you would use the primary firewall IP address as the next-hop in your static route.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide