Just an addition on this.
I've noticed this after I added the following on the Cisco switch on all
intefaces where the firewalls are connected:
spanning-tree portfast trunk
spanning-tree bpdufilter enable
Don't know if it's relevant but I thought I should mention it.
interface GigabitEthernet1/24
description firewall-1-ext
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan XXX
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
Giannis
