Wednesday, February 17, 2021

HA firewalls with non stackable switches

hello Reddit,

Just confirm my thoughts (or tell me I'm wrong!)

I need to reconfigure a network to be more HA. Currently there are HA firewalls, but the split of the WAN and LAN to the HA pair, and the actual LAN, exist on the same switch in VLANs, then there are 2 daisy-chained switches further on from this switch. So it's not very HA at all. The physical cabling all looks a bit loopy, but is currently working (unless that switch fails or is rebooted, then everyone loses internet as both firewalls hang off the same switch, which is also splitting the single WAN feed out to both firewalls. Eesh.)

The switches don't stack, otherwise I would do HA properly with LAGged interfaces from the firewalls across the stack.

With that in mind I think my best approach is to do trunks between all the switches, make it a loop and turn on STP, then have a single interface from one firewall going to the LAN VLAN on one switch, and the LAN interface on the HA firewall going to the LAN VLAN on a different switch?

Then any firewall or LAN-side switch can fail and everyone would still be able to get out to the internet, except clients plugged into the failed switch?

The switches and the firewalls aren't very good, but are quite new, so I don't think I'll get much motivation to replace it all just to make it better, so I'm trying to work with what I've got (new customer etc.)
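An added illustration of the trunk-plus-STP ring the post proposes, written here in Cisco IOS-style syntax and not taken from the post or any vendor documentation; switch names, port numbers, VLAN IDs and bridge priorities are assumptions. It pins the root bridge on the switch holding one firewall and the secondary root on the switch holding the other, so the blocked ring link is predictable and a single switch or firewall failure converges without taking both firewall uplinks down.

```cisco
! SW1 (assumed primary root; hypothetical names, ports and VLAN IDs)
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 4096
!
vlan 10
 name LAN
vlan 20
 name WAN-SPLIT
!
interface GigabitEthernet1/0/23
 description Trunk to SW2 (ring)
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet1/0/24
 description Trunk to SW3 (ring)
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet1/0/1
 description FW-A LAN interface (edge port, never a trunk)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! SW2 (assumed secondary root): same two ring trunks as SW1,
! lower priority than SW3 so it takes over as root if SW1 dies
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 8192
!
interface GigabitEthernet1/0/1
 description FW-B LAN interface (edge port, never a trunk)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! SW3: same two ring trunks, priority left at default (32768);
! RSTP blocks one of its ring ports until a trunk or switch fails
spanning-tree mode rapid-pvst
```

VLAN 20 is carried on the trunks only because the WAN split still lives on a switch in the current layout; if the WAN feed is later split by a dedicated device, prune it from the trunk allowed list. BPDU guard on the firewall ports keeps a miscabled firewall or client port from ever taking over the STP root.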
