BTOB TELECOM

High Availability between Cisco ASA and FortiGate firewalls

Hi,
I need your advice about this scenario. I have to configure Cisco ASA and FortiGate firewalls to bring high availability to my headquarters. Is it possible? How can I do it?

Thanks,

Best Regards,
Aristide Akaffou
Garry Glendown

Do you mean redundancy between an ASA and a FortiGate? The built-in HA features as such will not be usable; also, if you try to do NAT on IPs directly connected on the outside interface, it will most likely not work decently, at least not with failover. Only reliable chance I'd see would be setting up dynamic routing between your firewalls and the edge router, setting up one of the firewalls to be prioritized over the other, and having a network with public IPs that is routed towards the firewalls, thereby allowing both firewalls to do incoming NAT/VIP on the same IPs. Problem could be, though, that your internal devices will also have to use the same firewall for returning traffic, otherwise you will run into big problems due to asymmetric routing.

In short, don't! Choose either an ASA or FG cluster, but do not mix ... you'll end up with a whole lot of work setting it up, keeping it running, and keeping the configs in sync.
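
An added illustration of the asymmetric-routing problem described in the answer above (not part of the thread and not vendor code): a simplified Python model of two independent stateful firewalls that publish the same VIP but share no session state. The addresses, class and function names, and the session logic are constructed assumptions.

```python
from dataclasses import dataclass, field

VIP = ("203.0.113.10", 443)      # constructed public address (documentation range)
SERVER = ("10.0.0.10", 443)      # constructed internal server behind the VIP

@dataclass
class Firewall:
    """Stand-alone stateful firewall with one inbound VIP; no state sync with its peer."""
    name: str
    sessions: dict = field(default_factory=dict)

    def inbound(self, client, dst):
        # New connection from outside: permit only to the VIP, record state, DNAT.
        if dst != VIP:
            return None
        self.sessions[(client, SERVER)] = VIP
        return (client, SERVER)              # (src, dst) after translation

    def reply(self, src, client):
        # Server reply: must match state created by inbound() on THIS unit.
        vip = self.sessions.get((client, src))
        if vip is None:
            return None                      # no session on this unit -> dropped
        return (vip, client)                 # source rewritten back to the VIP

def connect(ingress, egress, client=("198.51.100.7", 51000)):
    """Client opens a connection through `ingress`; server replies through `egress`."""
    translated = ingress.inbound(client, VIP)
    if translated is None:
        return "blocked inbound"
    _, server = translated
    answer = egress.reply(server, client)
    if answer is None:
        return f"reply dropped by {egress.name}: no session"
    return f"reply delivered from {answer[0][0]}"

def demo():
    asa, fgt = Firewall("ASA"), Firewall("FortiGate")
    symmetric = connect(asa, asa)    # server's route back points at the same firewall
    asymmetric = connect(asa, fgt)   # server's default gateway is the other firewall
    return symmetric, asymmetric

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second case is what happens when the edge router prefers one firewall for inbound traffic while internal hosts route their replies through the other.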
BTOB TELECOM

ASKER

Hi Garry,
thank you for your response.

Best Regards,

Aristide Akaffou