New Member

Configuration Synchronization with Remote firewall

Hi,

I have 2 pairs of pri/sec firewalls placed at remote locations. Each pair is working in a failover mode, that is, SITE-1-FW1 is being synchronized with SITE-1-FW2, and the same is the case with the SITE-2 firewalls.

Now, I am planning to upgrade the SITE-2 firewalls, and for that I need to make sure that both pairs (on SITE-1 and SITE-2) have an up-to-date config, so that I will route my traffic to SITE-1, will upgrade the firewalls on SITE-2, and then will do the same for SITE-1. My question is, how can I automate this synchronization process on firewalls placed at remote locations?

7 REPLIES
New Member

Re: Configuration Synchronization with Remote firewall

Help needed

Re: Configuration Synchronization with Remote firewall

Can you be more specific on your requirements?

New Member

Re: Configuration Synchronization with Remote firewall

Is it possible to update the ACLs of the site-1 FW pair on the site-2 FW pair automatically? I mean, whenever someone adds/edits an ACL on the site-1 FW pair, can the site-2 FW pair automatically get updated?

Re: Configuration Synchronization with Remote firewall

In a word - no. The LAN failover synchronisation is between 2 firewalls in either active/standby or active/active, locally.

I would find it very strange to find any network where the same IP addresses were being used in 2 separate locations.

Anyway - what you are asking cannot be done.

HTH

New Member

Re: Configuration Synchronization with Remote firewall

The same IP address scheme was advised by the Cisco Advanced Services team, and so far we are good with this without any problem, except this.

What about Cisco Security Manager? I heard that using CSM, the same security policy can be implemented across multiple security devices at regular intervals, however I am still not sure if that is true...

Re: Configuration Synchronization with Remote firewall

Are you running the sites as active/active - if you are, how are you getting around the asymmetric routing issues?

I do not know anything about the CSM - perhaps you should post a question in the MARS section.

Re: Configuration Synchronization with Remote firewall

Yes Mohsin, there are two ways to do it: either manually or by using a configuration management tool like Cisco CSM. You can definitely make a 'Policy' in CSM and push it to multiple devices.

Regards

Farrukh
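
For the manual route mentioned in the last reply, a drift check between the two sites' ACLs before an upgrade, as an added example that is not part of the thread. It assumes each pair's running configuration has been saved as text; the sample configs, ACL names and addresses below are constructed.

```python
from collections import defaultdict

# Constructed sample configs (not from the thread); ACL names and addresses are made up.
SITE1_CFG = """\
hostname SITE-1-FW1
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25
access-list OUTSIDE_IN extended deny ip any any
access-list DMZ_IN extended permit udp any host 192.0.2.53 eq 53
"""
SITE2_CFG = """\
hostname SITE-2-FW1
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list DMZ_IN  extended permit udp any host 192.0.2.53 eq 53
access-list DMZ_IN extended permit tcp any host 192.0.2.80 eq 80
"""

def parse_acls(config_text):
    """Return {acl_name: [normalized entry, ...]} in configured order."""
    acls = defaultdict(list)
    for line in config_text.splitlines():
        parts = line.split()
        # Skip non-ACL lines and 'remark' entries, which do not affect filtering.
        if len(parts) < 3 or parts[0] != "access-list" or parts[2] == "remark":
            continue
        acls[parts[1]].append(" ".join(parts[2:]))  # collapses stray whitespace
    return dict(acls)

def acl_drift(cfg_a, cfg_b):
    """Per ACL: entries only in A, only in B, and whether shared entries are reordered."""
    a, b = parse_acls(cfg_a), parse_acls(cfg_b)
    report = {}
    for name in sorted(set(a) | set(b)):
        ea, eb = a.get(name, []), b.get(name, [])
        only_a = [e for e in ea if e not in eb]
        only_b = [e for e in eb if e not in ea]
        # ACLs are first-match, so the same entries in a different order is still drift.
        reordered = [e for e in ea if e in eb] != [e for e in eb if e in ea]
        if only_a or only_b or reordered:
            report[name] = {"only_a": only_a, "only_b": only_b, "reordered": reordered}
    return report

if __name__ == "__main__":
    for name, drift in acl_drift(SITE1_CFG, SITE2_CFG).items():
        print(name, drift)
```

An empty report means the ACL entries match in content and order; object-group definitions referenced by the entries are not expanded or compared.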
