We have to replace our current firewall cluster with a pair of 15600 in active-standby mode (with 2 10Gb and 8 1Gb interfaces). This firewall cluster will be connected to a pair of Cisco Nexus switches with vPC (active-active).
We have different choices for the connections:
1) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make all the internal and external traffic go through this bond, using VLANs
2) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make only internal traffic go through the bond. Then also bond 2 or more 1Gb interfaces, connect them to both Nexus, and make only external traffic go through this other bond.
3) do not use bonding at all. Dedicate one 10Gb interface for external traffic, and the other for internal traffic, on each firewall. Connect each firewall only to one Nexus switch.
What is the general recommendation for this setup?