Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2016
Views
10
Helpful
3
Replies

Firewalls/ASA instead of Routers?

r.walthall
Level 1
Level 1

‎07-01-2019 07:18 AM

My manager went to a conference. She came back asking about replacing the routers in our WAN with firewalls.  My knee-jerk response was no way, but we are migrating to an ethernet based WAN - so maybe?

 

Any thoughts?

 

  

 

 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎07-01-2019 09:08 AM

You can do this  new generation FW ACT as WAN Side Edge FW can connect directly to WAN or ISP) - as long as you have only 1 route to go out or you can add another ISP to another interface as 2 outside interface in the future.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎07-01-2019 09:13 AM

It depends on your requirement and the size of your network.

Small offices can terminate WAN links on Firewall and use it to provide
internet service and some security along with VPN (such as firepower 1000
series or snoicwall, etc). For enterprise networks with requirements of
DMVPN, GetVPN, MPLS with VRF/routing/etc, Advanced Security services such
file inspection, ssl interception, etc then you need to have separate
equipment.

I suggest to list down your requirements and accordingly start designing
your network.


**** Remember to rate useful posts

Karsten Iwen
VIP
VIP

‎07-02-2019 05:34 AM

At least that is what I did for a couple of customers. But it always depends on what you want to achieve.

Traditionally I had IOS-routers in the branches because of the routing- and VPN flexibility. And of course for direct internet access, we need a firewall.

Personally, I don't like the zone-based firewall on IOS. For offices that only need hub-and-spoke traffic we then used ASAs and even got more throughput for the same amount of money.

For a different client, where more powerful SD-WAN features are needed we are migrating to a Meraki MX solution and the routers will get removed in the future.

 

So, yes, you often can replace routers with firewall and in many scenarios it's a good decision. But routers still have their place in the network for example when you want to build partial mesh VPNs with DMVPN or FlexVPN.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card