Setting up firewall hardware failover with Cisco 2960 Switch

I have looked and looked but cannot seem to find a specific answer...so what I have is this

(2) Sonicwall PRO 4060 firewalls
(1) 10MB Internet connection handed off to me in my data center as an Ethernet cable
(1) Cisco catalyst 2960 switch

Here is what I want to do: set up my 2 firewalls to fail over if one fails, thus giving me access to the Internet and my local network. From what I can tell, it's very easy to set this up in the Sonicwall: a cross-over cable, and checking off a box in the hardware failover settings. What I am not sure about is how I configure my switch ports to support the Internet connection coming in, and then the 2 Sonicwalls, and how to switch over the ports when/if 1 of them fails. I keep hearing/reading I need to use HSRP, but cannot figure out exactly what that means.
Asked by: mikerunkel

mikerunkel (Author) Commented:
I found this on the Cisco 2960 configuration document, is this what I should be doing??

EtherChannel Port Groups
EtherChannel port groups treat multiple switch ports as one switch port. These port groups act as a single logical port for high-bandwidth connections between switches or between switches and servers. An EtherChannel balances the traffic load across the links in the channel. If a link within the EtherChannel fails, traffic previously carried over the failed link changes to the remaining links. You can group multiple trunk ports into one logical trunk port or multiple access ports into one logical access port. Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.

When you configure an EtherChannel, you create a port-channel logical interface and assign an interface to the EtherChannel. Use the channel-group interface configuration command to dynamically create the port-channel logical interface. This command binds the physical and logical ports together. For more information, see "Configuring EtherChannels and Link-State Tracking."

JamesFrancis Commented:
If I am understanding you correctly this is the setup you want.

                Internet
                    |
            -----------------
            |               |
        Firewall        Firewall
            |               |
            -----------------
                    |
                   LAN

In this case I would create a VLAN for the Internet side.
Assign 3 ports to this VLAN: router, firewall1-outside and firewall2-outside.
Connect the firewall1-inside and firewall2-inside to the switch on normal ports.
When you set up the failover configuration on the Sonicwall it will have a single IP address and will automatically switch this IP over to the backup if the master fails.
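
The layout described in the answer above, written out as a Catalyst 2960 configuration. This is an added example, not part of the original answer and not taken from Cisco or SonicWall documentation; the VLAN ID (100), the interface numbers and the use of VLAN 1 for the "normal" LAN ports are assumptions to adapt to the actual switch.

```cisco
! Added example. VLAN 100 and ports Gi0/1-5 are assumed values.
! Outside (Internet-side) VLAN; any unused VLAN ID works.
vlan 100
 name OUTSIDE
!
! Gi0/1 = ISP handoff, Gi0/2 = firewall1-outside, Gi0/3 = firewall2-outside
interface range GigabitEthernet0/1 - 3
 description OUTSIDE segment (ISP + both firewall WAN ports)
 ! Static access ports only: no trunk negotiation (DTP) toward the ISP side
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
 ! Do not advertise switch model/IOS details on the untrusted segment
 no cdp enable
 ! Start forwarding as soon as link comes up instead of waiting for STP
 spanning-tree portfast
!
! Gi0/4 = firewall1-inside, Gi0/5 = firewall2-inside, on the LAN VLAN
interface range GigabitEthernet0/4 - 5
 description Firewall LAN ports
 switchport mode access
 switchport access vlan 1
 spanning-tree portfast
!
! Do not create "interface Vlan100": with no SVI in the outside VLAN,
! the switch has no IP address reachable from the Internet side.
```

`show vlan brief` should then list only the three outside ports under VLAN 100, which confirms that no LAN port shares the unfiltered segment.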

mikerunkel (Author) Commented:
Thanks for your help. I basically did what you said minus the VLAN, only because I had a dedicated switch.