We want to deploy 2 firewall PAN in 2 different location (Building) but same area/complex. Is there any ideal distance for HA link for both firewall? Is it need to directly or i can use via switch?
Can i deploy this topology? is there any suggest?
Yes and No.
While your topology would work perfectly fine you would have to utilize aux-1/2 or the management interface for your Control Link, you would then need to configure an interface as an HA interface for your Data Link instead of the hsci interfaces.
Essentially it'll work perfectly fine, you just lose the ability to utilize the hsci interface.
That topology should would perfectly fine, but I am missing why you need vwire2 at all. From the diagram it looks as though if you lost the router in Building A or B, traffic would traverse to the other switch and out that buildings router right? So at that point simply maintaning vwire 1 and dropping vwire 2 should be sufficient, unless the switch in building A has direct access to the router in building B and I'm just not seeing that in the diagram.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!