Best practice for GSS design

Jul 29th, 2010

Please advise as to what records need to go in the public DNS server in a scenario where I have a url say which is listed in the Domain List of the GSS-P, so that GSS-P or GSS-S can hand out the respective external VIP to the clients requesting the url in case one of the GSS/site (GSS-P and GSS-S) goes unavailable

Please also specify the communication path of a client accessing

Advise the best practice

Thanks in advance


pefrench Wed, 08/11/2010 - 07:38

Most DNS servers support the delegation of subdomain authority.

You have two options to delegate a sub domain to the GSS.

Direct delegation of A record, or delegate using CNAME.

Refer to pages 9-10 of the attached best practice guide.
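
The two delegation options named in the reply above, sketched as a parent-zone fragment for the public DNS servers. This is an added example, not part of the original post or the attached guide; the zone `example.com`, the host names `gss-p`, `gss-s`, `www`, `app`, `gslb` and the addresses (documentation ranges) are all placeholders.

```dns
; Constructed example: parent zone on the public (authoritative) DNS servers.
; All names and addresses are placeholders, not values from the thread.
$ORIGIN example.com.
$TTL 3600

; Glue records: public addresses of the primary and standby GSS.
gss-p   IN A     192.0.2.10
gss-s   IN A     198.51.100.10

; Option 1: direct delegation of the host name.
; Queries for www.example.com are referred to the GSS units, which
; answer with the external VIP. Both GSS units are listed so resolvers
; can still get an answer when one GSS or site is unreachable.
www     IN NS    gss-p.example.com.
www     IN NS    gss-s.example.com.

; Option 2: delegate a subdomain to the GSS and point the host at it
; with a CNAME. The public name stays in the parent zone; only
; gslb.example.com is answered by the GSS.
gslb    IN NS    gss-p.example.com.
gslb    IN NS    gss-s.example.com.
app     IN CNAME app.gslb.example.com.
```

In this sketch the GSS Domain List would need to contain the names the GSS is actually queried for: `www.example.com` for option 1 and `app.gslb.example.com` for option 2.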

EPHRAIM MANI Mon, 08/16/2010 - 20:32

The document provided is very helpful.

Naren naren Tue, 11/16/2010 - 00:27

Hello Friend,

I am not able to open the document; it's saying corrupted...

Can you please re-upload it?



Akhtar Samo Wed, 02/09/2011 - 04:53

Hi Peter,

Helpful document, thanks. Can you please share with us the newer version of the GSS document which has Cisco ACE in it? Thanks in advance.



totneteng Fri, 02/11/2011 - 10:52


I am new to GSS. I would appreciate it if someone can help me with the design. I want to know if I need to put the GSS inline after the internet-facing firewall and before the ACE module, or use it in one-arm mode. Trying to figure out the best fit in the design.

FWSM1 >>> GSS >>> ACE


just put the GSS as one arm mode between the FWSM1 >>> ACE



Thanks in advance,


pefrench Fri, 02/11/2011 - 11:23

Hi Nav,

We do not have a set guideline on placement. We offer some considerations, for example on how to assure proper communication between GSS, if you have multiple units in a deployment. For guidance we do have, please refer to the 'GSS deployment topology' section in the 'best practice' doc which I previously posted to this thread, and also the product configuration guide which you can find at this link:



steve.busby Thu, 02/17/2011 - 17:13

Great document "pefrench", thanks for sharing.

I've been delegating subdomains to GSS using CNAMEs for several years, but I really need to make the GSS authoritative for an entire domain.

Do you have any links or documents that explain this configuration?


