Interstate DR setup with site replication.

Reply
L1 Bithead

Interstate DR setup with site replication.

Hi All, 

 

We are currently in the build process of a interstate warm DR. Our primary DC has a pair of 850s while the interstate has a pair of 820s. I have begun implementing Panorama to manage both sites, both devices are configured with a simple clean config currently running on the DR 820's. We will be using VMware site recovery manager to move any guest VMs to the interstate DR with identical IP addressing. 

 

I'm unsure how to progress further with the security rules and NAT rules and am searching some guidance as to what other PAN admins have done.

 

My interface and zone naming convention suits the primary DC but due to carrier VLANs will not match the interstate DR. Should I be renaming the primary DC zones to something simple such as WAN / DMZ / LAN / INTERNET ? 

 

Appreciate any comments or suggestions.

Regards

Ben

Highlighted
Cyber Elite

@benlangberg,

This really comes down to administrator preference. Renaming the zones so that make sense in either location would be a logical thing to do, but in the end the name that you give the zone is nothing more than an identifier. Generally speaking, I like to keep my zone names really simple so that anyone who walks into the environment knows exactly what it is when they look at the configuration. 

Highlighted
L1 Bithead

Hi Bpry,

 

Thanks for your advice! 

I do think my zone naming is a little complicated, it makes sense logically but to someone walking in would need to delve deeper through the network and TOR switches to determine how they are configured. 

 

What is going to be the best process on the primary DC to rename the zones? If I rename the zones will all the security rules update with the new name?

 

Cheers

Highlighted
Cyber Elite

@benlangberg,

Correct, if you rename the zone the firewall will update your rulebase as required with the new zone names. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!