cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
564
Views
0
Helpful
2
Replies

MPLS Security Design

Marcello Costa
Level 1
Level 1

Hi guys,

The question is about layers of security to implement MPLS link.

Today my MPLS link are terminanting on Border Routers that are performing BGP Single Multi-homed as well.

After this Border Router I have the Firewall performing external NAT and External filtering only and fowarding the traffic via Switch core to Internal Firewall that perform all internal filtering.

So, the communication is in the bellow way: internet > border-router > external-firewall > core-switch > internal-firewall

 

The security team is asking us about external-firewall role that only performs external filtering and can't perform the routing by yours.

 

In this way the traffic would be through> internet > border-router > core-switch > internal-firewall.

 

My point is, whats the best place and recomendation to this case?

Are there some document/recomendation, best practice design to this scenario?

 

Thank you in advance.

2 Replies 2

a.alekseev
Level 7
Level 7

it depends...

What is external firewall doing? NAT? 

 

Alekseev

 

Yes. It is doing NAT and are our border firewall.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: