TL;DR I have two datacenter sites in Central US and East Coast US. Need firewalls at both sites. What hardware and protocols allow you to failover to another site while still using the same IPs?
We would like to setup an active/passive datacenter where our east coast is primary and central US is our DR. Our primary site has two Cisco Firepower appliances in an HA pair. Should we add more Firepowers at the other site? Our main question is how do we make sure the configs match at both sites if we use Cisco ASA 5525's at one site and Firepower appliances at another? We previously had two sites very close to each other and run two ASA 5525's in HA with one at each site. Now that we're spread out more we're concerned latency could add problems with heartbeats and possibly a split-brain scenario. Most everything is still in the air and can be changed relatively easily.. Just looking for some guidance and what you guys are running.
No comments:
Post a Comment