VRF vs Firewall Gateway

HS3
Level 1

We are going to implement an ACI in our DC, and there was a discussion about whether we are going to use the firewall as our gateway or design multiple VRFs where the routing will be through the ACI and only use the FW whenever required.

So, what is the best and most secure design: using the FW as our gateway or the ACI/VRF?

 


Marvin Rhoads
Hall of Fame

One can make a case for both design alternatives. Which is best for your environment really depends on an assessment based on the criteria and requirements you have.

 

Even as an engineer who primarily works with security products I realize that they are not always the right tool for the job. Firewalls route with much less capability than routers (and even than many switches with routing enabled). Routers and switches generally don't do IPS and file inspection and such. So there is a place for that in the firewall. There is also a lot of host layer security that can be implemented so that is yet another consideration.

 

If I had to make a snap decision, I would say that "firewall everywhere" is not the best choice. It can work in some environments but generally does not scale well (unless you pour a lot of money into the solution).
