topic Re: why not firewall connect in this way? in Network Security

why not firewall connect in this way?

Maivakov — Mon, 08 Jul 2024 07:47:17 GMT

Assume two Firewall FW1 and FW2

behind FW1 is router1 and behind FW2 is router2 which doing GRE tunnel

traditional FW1 inside connect router1 uplink

why not the peer link between router 1 and router 2 also pass through the same firewall FW1 and FW2

router 1 <-- FW1 between the peer link ---> router 2

router 1 <-- FW2 between the peer link ---> router 2

why not the LAN port also pass through the same firewall FW1 and FW2 in order to see the traffic before entering tunnel?

FW1 <----- router 1 <----- FW1

FW2 <----- router 2 <------ FW2

Re: why not firewall connect in this way?

MHM Cisco World — Mon, 08 Jul 2024 23:46:43 GMT

Sorry can ypu more elaborate

MHM

Re: why not firewall connect in this way?

Maivakov — Tue, 09 Jul 2024 09:27:54 GMT

I think same firewall can be utilized at least three times, when subnet are different.

besides router uplink to firewall, why not the peer link between routers also pass through firewall for seeing the traffic failover from MPLS to Internet VPN and Internet VPN to MPLS? third is why not downlink also pass through the same firewall to see the traffic before enter Tunnel ? is it looping reason ? I find cloud router can connect in this way. So, curious why firewall only utilize only one time at uplink?