11-16-2022 11:17 AM
My college professor has asked me to design a network (on Packet Tracer) that uses an ASA firewall, as well as an IOS router firewall, to protect the DMZ, as shown in the screenshot.
I'm struggling to understand why we would need a combination of different firewalls to protect the DMZ.
Can anybody be helpful enough to explain why? Thank you.
11-16-2022 01:08 PM
High level:
As per the diagram, your IOS router does the basic feature of ACL to stop the traffic and do NAT from inside to outside.
Always having more layers in the network is the best security to protect the network. The DMZ is exposed to the internet, and the FW is stateful (compared to the IOS router FW, which is just ACL).
11-16-2022 03:50 PM
Thank you for your reply. I think my professor wants us to use a zone-based firewall on the IOS router, as well as ACLs.
From my limited experience with networking, it's not making much sense to have two different firewalls set up right next to each other.
The layers of security make sense, but this seems like an odd setup, unless I'm missing something.
11-17-2022 01:08 PM
Hi Friend,
The zone firewall will drop a lot of DDoS toward your network.
ASA will only filter traffic, and OP can use it for VPN.