HA/Distributed Clustering Across Two Buildings

Forum|Forum|8 years ago
December 18, 2017
1 reply
11749 views

I am trying to design an HA setup with two firewalls running active/passive in two different buildings. I have fiber and switches between the two so layer 2 connectivity for the HA traffic is not a problem. But I have two ISP links at each location with different public IPs. Can I create failover between the two in the scenario? From what I can tell from the documentation, the active/passive clustering will create an identical config on the passive firewall.

Thanks,

-mike

aagrafi

New Member

That is correct. Both FGs will have identical configuration. If you want to have clustering in this scenario, you must have dual WAN links at both FGs and pass one WAN link of each FG to the remote side. In other words, between the FGs and the SPs there should be a switch.

I hope you understand the topology as I explained it ;)

ascendmaxAuthor

New Member

aagrafi - Thanks for your reply. So it looks like what I'm trying to do is not possible. I do have dual WAN links are both locations but they have different public IP addresses. We are set up like this for example:

FG Site A

WAN1 - 10.10.10.1 (Comcast)

WAN2 - 10.10.20.1 (Verizon FIOS)

FG Site B

WAN1 - 172.28.1.1 (Level 3)

WAN2 - 172.30.1.1 (Cogent)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded