12-06-2018 10:38 AM - edited 12-06-2018 10:39 AM
Hi guys,
The question is about layers of security to implement an MPLS link.
Today my MPLS links are terminating on Border Routers that are performing BGP Single Multi-homed as well.
After this Border Router I have the Firewall performing external NAT and external filtering only and forwarding the traffic via the core switch to the Internal Firewall that performs all internal filtering.
So, the communication flows in the way below: internet > border-router > external-firewall > core-switch > internal-firewall
The security team is asking us about the role of the external-firewall, which only performs external filtering and can't perform the routing by itself.
In this way the traffic would go through: internet > border-router > core-switch > internal-firewall.
My point is, what's the best place and recommendation for this case?
Is there any document/recommendation or best-practice design for this scenario?
Thank you in advance.
12-07-2018 02:15 AM
It depends...
What is external firewall doing? NAT?
12-07-2018 09:38 AM
Alekseev
Yes. It is doing NAT and is our border firewall.