Forum Discussion
lkchen
Apr 28, 2012Nimbostratus
I think we did get help from SE when we originally setup our F5 with FWSM. 'cause I don't know how they would've figured out how to do what they've done.
Having F5 route the vlans behind it, and bounce off the FWSM so that the FWSM can control the inter-vlan traffic.
However, we've had this problem...where if the standby unit is disconnected...the active unit will try to failover (because traffic stops). Eventually, the came down to the FWSM.
The explanation I got from networking is the vlans are done by the FWSM, and they do what they do to make it go to both external interfaces of the F5 pair. But, if either side goes down...the FWSM makes the other side pause.
Lately our outages have been because the fiber to the standby got interrupted. Though in the past we had problems where there's been a problem where one path will go away (due to an attempt to upgrade to non-Cisco equipment)...so vlan failsafe has saved us.
But, sure would like to solve this problem....since the Cisco switch that the F5's are connected to are EOL (6509), and eventually I'm going to have to move and I'd like to do it with minimal disruption....to Nexus.
I'm in the Enterprise Systems group....and I manage the F5. We have a separate networking group. And, a separate firewall group. And, I'm not in the discussions between network and firewall (or Cisco) on this issue.
L