Meraki

Community

How many failover options are feasible for a Duel MX firewall cluster?

Vbardy
Here to help
‎Oct 7 2024 7:57 AM
‎Oct 7 2024 7:57 AM

How many failover options are feasible for a Duel MX firewall cluster?

I have a design question.  We are deploying Cradlepoint cellular gateways to a number of our larger boutiques and we have been asked if this set up is possible?

 

  1. Fast Circuit goes into line 1 of MX1
  2. Slow circuit goes into line 2 of MX1
  3. Fast circuit goes into Line 1 of MX2
  4. Cradlepoint goes into Line 2 of MX2

 

I do not think this set up is feasible but I am not well versed in the firewall cluster architecture.  Can anyone here on the forum share their thoughts on this approach?

 

Thank you.

Labels:
0 Kudos
2 Replies 2
MartinLL
Building a reputation
‎Oct 7 2024 8:12 AM
‎Oct 7 2024 8:12 AM

Yes this works. But keep in mind that if the primary WAN on MX1 goes down, the secondary WAN on MX1 will become active, not WAN1 MX2. If your connection is slow this will not be a pleasant experiense for your users.

MLL
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Oct 7 2024 11:54 AM
‎Oct 7 2024 11:54 AM

It would make more sense to have the same fast circuit for both MX'es WAN1 and the same slow circuit for both MX'es WAN2 and then use the mobile backup as Cellular failover link (you can deploy the failover WAN3 option on the newer MX models).

This way if WAN1 fails, it will fail for both MX'es and you have a more determinate failover scenario.
However if circuit 2 is too slow then it would make no sense to use it.  If your mobile service is faster I would use that as WAN2 then but also on both MX'es.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.