Here is my scenario. Main site, 3020 HA pair. DR site single 3020. Sites are geographically separated, different ISPs, different certificates.
My plan is to stand up and configure interfaces, certificates, VPN, and other unique elements. What will be the same is zones, objects, services, policies, etc.
What I am wondering is if there is a script that can be written to keep the zones, objects, services, policies, etc. in the main firewall in sync with the DR firewall. Essentially I am trying to make a type of HA with 2 passive devices.
Thanks for the help!
Anyway, what you describe is possible.
Our configs are XML; you would just replicate entire objects & rules XML trees from one to the other, but the script would be triggered manually (you launch it) unless you come up with a log monitor system (like a syslog running somewhere) that listens for commit logs to trigger the synchro script.
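The subtree replication described in the reply, as an added example that is not code from the thread or from the vendor: it copies only the shared subtrees from the main config into the DR config and leaves site-specific nodes such as interfaces untouched. The `VSYS` path, the element names in `SHARED`, and both sample configs are assumptions constructed for illustration; exporting and loading the files on the firewalls is outside its scope.

```python
import copy
import xml.etree.ElementTree as ET

# Assumed path to the vsys node in an exported configuration file.
VSYS = "./devices/entry/vsys/entry[@name='vsys1']"
# Subtrees treated as common to both sites (assumed element names).
SHARED = ("zone", "address", "address-group", "service", "service-group", "rulebase")

def _canon(elem):
    # Canonical form so whitespace differences do not count as changes.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True)

def sync_shared(main_xml, dr_xml, shared=SHARED):
    """Return (new DR config text, list of subtrees that were replaced)."""
    main_vsys = ET.fromstring(main_xml).find(VSYS)
    dr_root = ET.fromstring(dr_xml)
    dr_vsys = dr_root.find(VSYS)
    if main_vsys is None or dr_vsys is None:
        raise ValueError("vsys1 not found in one of the configs")
    changed = []
    for tag in shared:
        src, old = main_vsys.find(tag), dr_vsys.find(tag)
        if src is None:
            continue  # main has no such subtree: leave the DR copy alone
        if old is not None and _canon(old) == _canon(src):
            continue  # already in sync
        pos = len(dr_vsys) if old is None else list(dr_vsys).index(old)
        if old is not None:
            dr_vsys.remove(old)
        dr_vsys.insert(pos, copy.deepcopy(src))
        changed.append(tag)
    return ET.tostring(dr_root, encoding="unicode"), changed

# Constructed sample configs: the interface address, one object and the rules differ.
TEMPLATE = """<config><devices><entry name="localhost.localdomain">
<network><interface><ethernet><entry name="ethernet1/1">
<layer3><ip><entry name="{ip}"/></ip></layer3></entry></ethernet></interface></network>
<vsys><entry name="vsys1"><zone><entry name="trust"/></zone>
<address><entry name="web01"><ip-netmask>{web}</ip-netmask></entry></address>{rules}
</entry></vsys></entry></devices></config>"""
RULES = ("<rulebase><security><rules><entry name='allow-web'>"
         "<action>allow</action></entry></rules></security></rulebase>")
MAIN_XML = TEMPLATE.format(ip="198.51.100.1/24", web="10.0.0.10", rules=RULES)
DR_XML = TEMPLATE.format(ip="203.0.113.1/24", web="10.0.0.9", rules="")

if __name__ == "__main__":
    merged, changed = sync_shared(MAIN_XML, DR_XML)
    print("replaced:", changed)
```

The returned list of replaced subtrees doubles as a change record, so a run that reports nothing can skip the load and commit on the DR unit.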