Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Network Design Question

Posted on 2007-11-16
2
Medium Priority
?
233 Views
Last Modified: 2010-04-17
Right now a pix firewall is the edge device. It connects directly to the ISP's router. I am going to use BGP with an additional edge router to multihome 2 isp's. What is the best configuration as far as routing protocols?

The Pix can use Rip or OSPF. Should I use a protocol or just static routes on the pix? Is it possible to run BGP on the edge router and have the Pix outside int connected to a switch with the router on the switch too? This is because there is another failover pix, so i assume there needs to be a switch in between the router and the pix.

On the inside of the pix there is a L3 switch doing internal routing. It is using EIGRP.

What is the best way to design this?
0
Comment
Question by:jaysonfranklin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 20301472
ISP A/ISP B (BGP) -> your router (BGP)
your router (static routes) -> pix

Make sure that you have a static route to null0 with a weight of 250 for the networks that you will be advertising via BGP.  That way if the ethernet or switch goes down or the pix does not failover, your routes will not be withdrawn.

you are correct that you need a switch to connect the two firewalls and a router for failover to the inside network.
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 20314091
Ok, thanks...
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This program is used to assist in finding and resolving common problems with wireless connections.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question