07-01-2019 07:18 AM
My manager went to a conference. She came back asking about replacing the routers in our WAN with firewalls. My knee-jerk response was no way, but we are migrating to an Ethernet-based WAN - so maybe?
Any thoughts?
07-01-2019 09:08 AM
You can do this. New-generation FWs act as WAN-side edge FWs (they can connect directly to the WAN or ISP) - as long as you have only 1 route to go out, or you can add another ISP to another interface as a 2nd outside interface in the future.
07-01-2019 09:13 AM
07-02-2019 05:34 AM
At least that is what I did for a couple of customers. But it always depends on what you want to achieve.
Traditionally I had IOS routers in the branches because of the routing and VPN flexibility. And of course for direct internet access, we need a firewall.
Personally, I don't like the zone-based firewall on IOS. For offices that only need hub-and-spoke traffic we then used ASAs and even got more throughput for the same amount of money.
For a different client, where more powerful SD-WAN features are needed, we are migrating to a Meraki MX solution and the routers will get removed in the future.
So, yes, you often can replace routers with firewalls and in many scenarios it's a good decision. But routers still have their place in the network, for example when you want to build partial mesh VPNs with DMVPN or FlexVPN.