Hi guys, new with PANs but not with firewalls. Replacing our older Cisco ASAs with PANs and have a design question for larger installations (about 10,000 simultaneous users). We currently route our wireless traffic with two pairs of Cisco 6500/sup2Ts (layer 2 switch + router), and have a static route to send all traffic to the inside interface of the firewall (except DHCP and a few subnets that stay inside, we accomplish this with policy base routing). It was suggested we remove the layer 3 from the 6500s for the wireless subnets and just do a layer 2 (trunk) to the PANs, and let them do the routing. Is this advisable and will the PANs be able to keep up as the router and firewall?
WIthout knowing your setup more it would work fine. You don't need to get rid of layer 3 if you don't want to, you can route everything to a layer3 interface on the firewall itself. A properly sized firewall will have no issue doing this, just make sure you don't undersize your hardware.
How you set this up would really depend on the rest of your network and what you are trying to accomplish in the end. It appears to me like either solution would be viable and would likely work perfectly fine.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!