Load Balacing for FWSM

Answered Question
Mar 24th, 2009
User Badges:

Hello,


I'm implementing a data center with an Aggregation layer equiped with FWSM-1 which cannot support active/active failover.


I'm thinking about multi-context to manually divide traffic into the two CAT6500.


Any comment or suggestion ?

Correct Answer by Jon Marshall about 7 years 12 months ago

Omar


You did ask for comments after all :-).


You said in your initial post that you could not use active/active but what you describe in terms of failover in your scenario is active/active, see this link -


http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fail_f.html#wp1052847


If you choose to go active/standby you cannot have FWSM1 active for one context and standby for another.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jon Marshall Wed, 04/01/2009 - 13:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Omar


Not sure i fully understand. If you run active/stanby then multi-context will not allow you to have different FWSM's active and standby. In an active/standby config the active firewall is active for all contexts and the standby is stanby for all contexts.


Only active/active will allow you to use both FWSM's at the same time.


Jon

omar.elmohri Thu, 04/02/2009 - 05:30
User Badges:

And you want to say that we cannot create more than one failover group when using active/standby ?

Jon Marshall Thu, 04/02/2009 - 07:47
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Omar


My understanding is that even with active/active both FWSM's are never active for the same context so yes unless you use active/active one FWSM is active for all contexts and one is standby.


Jon

Correct Answer
Jon Marshall Thu, 04/02/2009 - 11:00
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Omar


You did ask for comments after all :-).


You said in your initial post that you could not use active/active but what you describe in terms of failover in your scenario is active/active, see this link -


http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fail_f.html#wp1052847


If you choose to go active/standby you cannot have FWSM1 active for one context and standby for another.


Jon

Actions

This Discussion