Has anyone ever put a switch BETWEEN their incoming ISP's hand-off port & their BGP router, for the purpose of creating a high-availability pair BGP router/firewall?
We have two different ISPs coming into our facility. Each ISP gives us 1 port which we patch to our Cisco ISR4451-X router (where BGP occurs). Out of the router, we go to a switch to give the needed paths to a pair of Cisco ASAs in a high-availability setup.
We're upgrading our (2) Cisco ASAs & Cisco ISR4451-X router to a high-availability pair of Fortinet NGFWs, that will also do our BGP routing. I'm just trying to understand the future layout and how this works.
Since BGP is layer 4, this should work, right?
The other option would be to call my ISPs & have them activate additional ports but we're looking to get this in place without getting them involved.
No comments:
Post a Comment