Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1205
Views
4
Helpful
4
Replies

Allow routing via Internal firewall for Core switch & Internet firewal

inhamit
Level 1
Level 1

‎07-11-2023 04:36 AM

Hi, we have below architecture in which routing between different firewall take place via Internal firewalls only. We have used the core switch only to create VLANs and Connect to access switch. We also have Internet firewall which is connected to core switch. As there is no routing is done in the core switch, how user will access the internet via internal firewall. Please suggest the configuration to be followed. I am not sure whether @MHM Cisco World @Aref Alsouqi @rob_ingram  remember it or not as I asked this question before. Please let me know at Internet firewall side, which port I need to create? It will be Access port or sub interface? Please help me with one quick example.

inhamit_1-1689075106439.png

 

 

4 Replies 4

M02@rt37
VIP
VIP

‎07-11-2023 05:08 AM

Hello @inhamit,

All VLAN have got their Gw to the internal FW ?

What about create a vlan between internal and Internet FW ?  Each equipement hold IP ADD on a specific subnet (/30), relayed by this VLAN on CORE Switch.

Then, configure BGP between Internet and Internal Firewall. Internet Firewall would announce default route to Internal Firewall. Internal Firewall would announce the differents subnets. Internet FW would do NAT plus Filtering.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

inhamit
Level 1
Level 1
In response to M02@rt37

‎07-11-2023 06:39 AM

yes All Internal VLAN's have default gateway to Internal firewall.

I have created Internet VLAN  (VLAN 100) in core switch as core switch is placed between Internal and Internet firewall. The VLAN have default gateway in internal firewall (172.19.100.1) and Trunk port is configured between core switch and Internal firewall.

Core switch and Internal firewall is connected over Access port  (Access port is configured in core switch and Internet firewall side This access port is linked to VLAN 100). I have also created the Internet VLAN (VLAN 100) in Internet firewall.

Now Do I need to create BGP between Internet and Internal firewall? How can I verify the configuration? Can u please give some commands as an example.

0 Helpful

ammahend
VIP
VIP

‎07-11-2023 05:23 AM

you might be better off looking at this logically than physically.

ammahend_1-1689078209709.png

 

 

-hope this helps-

inhamit
Level 1
Level 1
In response to ammahend

‎07-11-2023 06:41 AM

@ammahend what do u mean by Edge FW here? Core switch is placed between Internal firewall and Internet firewall. Yes, core switch is acting like L2 here.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card