FW STP?

[xdxml12]

Hi All,

I had a quick question I wanted to run by you. I have the attached picture for clarification. I have 2 firewalls that will both be on but in transparent mode. If that is the case from my understanding they will be as layer 2 mode. ( These are isg 1000 fw). Am i correct that the topology attached will not work if i want both firewalls to be on because spanning tree will block one connection to the firewall? Or is this a wrong deduction? The plan being being able to use both firewalls to "load balance" the in/out connections to the server. The routing will happen at the core.

Any help will be appreciated.

 

[Viconsul]

Hi,

Based on your diagram you will need to answer a few questions.
1. Are you running multiple vlans?
2. What type of STP are you running on the switches?
If you are running multiple vlans and PVST on the network, then it is possible to load balance the vlans across multiple links, i.e vlan 1-5 on links A on FW1 and vlan 6-10 on link B on FW2.
Also you might be able to bundle the two physical link into an etherchannel, so that you end up with a logical port-channel.
These are just pointers to get you started.

-Viconsul