05-07-2025 01:54 AM
Hello All,
We have a setup of Active/Active firewalls running eBGP towards router 1 and router 2 respectively, and static routes for the LAN segment (subnet 1 and 2).
eBGP with AS-path prepend for subnet 2 at firewall 1 and AS-path prepend for subnet 1 at firewall 2.
Static route from subnet 1 to the HSRP IP and static route for subnet 2 to the HSRP IP, and static routes at the PA firewall for subnet 1 and subnet 2 to the HSRP IP.
We have two different subnets, which are pointing to subnet 1 with the Active-Primary firewall and subnet 2 with the Active-Secondary firewall.
Note: we also need a symmetric path.
What will happen if the primary active firewall fails?
1. Are active sessions dropped, or do they continue through the active secondary firewall?
Please provide inputs for failover.
Thanks in advance community.
05-14-2025 09:21 PM
Hello @vikramadityak ,
From your diagram, I would say:
- firewall A fails, firewall B is already active, so not a big difference, except the traffic load may increase on the node.
- BGP will notice the peering down (depends on your BGP reactivity).
- depends on the configuration of the static route
--> the sessions are in sync between A and B, so existing sessions would be affected if your static routes / BGP routes were not removed at firewall A failure.
Olivier
PCSNE - CISSP
Best Effort contributor
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.