Cisco Support Community
aa
Community Member

Redundant Design Question

Hope someone can provide some advice.

What is the best design for a redundant infrastructure?

The components are:

2 x 3750G switches (stacked)

2 x ASA5520 Firewalls - Active/Passive

2 x F5 load balancers

Firewalls are up front and load balancers are in the back.

The switches have multiple VLANs and are used for all connections.

Servers have 2 connections - 1 to each switch for redundancy.

Questions:

Would you use redundant interfaces on the firewall (with 1 connection to each physical switch)?

OR

Would you have each firewall (all ports) on 1 switch?

How about the load balancers?

Thanks in advance for any replies.

1 REPLY
Hall of Fame Super Blue

Re: Redundant Design Question

You are better off having all ports from firewall_1 connected to switch_1 and all ports from firewall_2 connected to switch_2.

If one of the switches fails and the firewall needs to fail over, you want all ports on the now active firewall to be up and running. If you split the ports across switches you could end up with the situation where a switch fails and your active firewall cannot use all its interfaces.

Not much experience with F5, but to keep things simple I would do the same here. It makes it a lot easier to troubleshoot.

Jon
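The failure case described in the reply above, as an added example that is not part of the original thread: a small model that fails each switch in turn and reports which firewall still has every interface up. The interface names (`outside`, `inside`, `dmz`) and the one-uplink-per-interface split layout are assumptions made for illustration.

```python
# Constructed model: interface names and the single-uplink-per-interface
# assumption are illustrative, not taken from the thread.
INTERFACES = ("outside", "inside", "dmz")

# Layout A: every port of a firewall lands on one switch.
PER_UNIT = {
    "firewall_1": {i: "switch_1" for i in INTERFACES},
    "firewall_2": {i: "switch_2" for i in INTERFACES},
}

# Layout B: each firewall's ports are split across both switches.
SPLIT = {
    "firewall_1": {"outside": "switch_1", "inside": "switch_2", "dmz": "switch_1"},
    "firewall_2": {"outside": "switch_2", "inside": "switch_1", "dmz": "switch_2"},
}

def down_interfaces(layout, failed_switch):
    """Return {unit: sorted list of interfaces that lost link}."""
    return {
        unit: sorted(i for i, sw in ports.items() if sw == failed_switch)
        for unit, ports in layout.items()
    }

def fully_usable_units(layout, failed_switch):
    """Units that still have every interface up after the switch failure."""
    down = down_interfaces(layout, failed_switch)
    return sorted(unit for unit, lost in down.items() if not lost)

def report(name, layout):
    """Print the outcome of failing each switch for one layout."""
    for sw in ("switch_1", "switch_2"):
        usable = fully_usable_units(layout, sw)
        print(f"{name}: {sw} fails -> down={down_interfaces(layout, sw)} "
              f"fully usable={usable or 'none'}")

if __name__ == "__main__":
    report("per-unit", PER_UNIT)
    report("split", SPLIT)
```

In the per-unit layout a switch failure always leaves one firewall with all interfaces up, so failover restores full service; in the split layout neither unit is left with a complete set.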
