Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here




Hi All,

I had a quick question I wanted to run by you. I have the attached picture for clarification. I have 2 firewalls that will both be on but in transparent mode. If that is the case from my understanding they will be as layer 2 mode. ( These are isg 1000 fw). Am i correct that the topology attached will not work if i want both firewalls to be on because spanning tree will block one connection to the firewall? Or is this a wrong deduction? The plan being being able to use both firewalls to "load balance" the in/out connections to the server. The routing will happen at the core.

Any help will be appreciated.



Based on your diagram you will need to answer a few questions.
1. Are you running multiple vlans?
2. What type of STP are you running on the switches?
If you are running multiple vlans and PVST on the network, then it is possible to load balance the vlans across multiple links, i.e vlan 1-5 on links A on FW1 and vlan 6-10 on link B on FW2.
Also you might be able to bundle the two physical link into an etherchannel, so that you end up with a logical port-channel.
These are just pointers to get you started.


Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close