Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
0
Replies

General question firewall placement

Frederik De Muyter
Level 1
Level 1

‎12-07-2018 02:19 AM - edited ‎02-21-2020 08:32 AM

Hi,

 

Considering the bellow scenario where i have a multilayer connecting to 2 different MPLS providers (international and local)We are receving and advertising routes via ospf to the MPLS provider.  If we would like to place a firewall in between the routing segment how do i best do this?  Let the firewall participate in OSPF?  Most likely multiple solutions for this?

 

Scenario.PNG

 

I could use IBGP and run it through the firewall, this would give me advantages of network team being in control or routing.

Another solution like this would be create a separate ospf area for the firewall and connect the isp to my backbone area using ospf virtual link.  Don't think this option is that good it will work but.  (in both cases I will see traffic passing the firewall.

GRE for OSPF is also an option but then all my data packets will be encapsulated(firewall has the ability to inspect encapsulated traffic).

Any other options?   Or just let the firewall participate in OSPF area 0?  

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card