02-10-2009 06:05 AM - edited 03-11-2019 07:48 AM
FWSM in multi context mode and routed mode.
I'm coming from checkpoint world and there we have VRRP gateways we handout to clients/servers. Going through a config guide for FWSM I see the following.
My quiestion is which address will be handed out to the clients/servers
interface vlan 201
nameif inside
security-level 100
ip address 10.0.3.1 255.255.255.0 standby 10.0.3.2
02-10-2009 07:27 AM
It would be the address assigned to the primary firewall - in your example from above 10.0.3.1. If the primary firewall fails over to the standby the address moves to the standby as well.
Jon
02-10-2009 10:29 AM
Thanx!
02-11-2009 12:16 AM
one last question, I suppose if I'm setting up a static route I point it to the active firewall and if that goes down the adddress is moved to the standby?
Just have to make sure:-)
02-11-2009 02:24 AM
Just have to make sure:-) - nothing wrong with that :-)
Yes, you would use the primary firewall IP address as the next-hop in your static route.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: