Saturday, July 17, 2021

Better firewalls for inbound traffic failover and 10Gb LAN upgrade

Background: We have multiple Internet connections with failover configured on our Cisco ASAs, which works well for outbound traffic. We also host services that must fail over (we use external DNS failover and other application-level failover mechanisms; BGP/ARIN is too much for us).

I was never able to get the inbound traffic to work with the NAT on the single ASA pair, so my current solution is using PBR on a crappy Dell N3048 layer 3 switch and another firewall that hosts the second ISP for incoming services. The application servers have multiple IPs, and they route out the correct firewall (NATed) using PBR. I really hate this setup because I hate the extra firewall (another point of failure), but it works well. I wish everything were terminated on a single set of HA firewalls, and that we had a core switch that wasn't hot garbage. When I set this up, it was my understanding that ASAs do not do PBR and they are NOT routers, so don't even ask!

So now it's 2021, and it's time for all new stuff (core switch and firewalls; going to upgrade to 10Gb). Can anyone recommend some products? I'm mainly a programmer, but I have to deal with this networking stuff when it comes up. I've been watching some Meraki videos, and I'm trying not to drink the flavoraid, but their stuff does look cool. I do love the reliability of the ASAs; I've been running them for 10 years and never had a single problem once I got them set up. This is a very HA environment and we buy 2 of everything, so reliability is king. I also like as few brands as possible. All our computing equipment is Dell. I would like all of our networking equipment to be from a single vendor as well.

Our WAN links are 1Gb Metro Ethernet. I may end up just hiring a firm to install a new network and take over management of it, but I'm trying to get a feel for the technology so I don't get taken for a ride.


