Solved: ScottIf your firewalls are

Scott Pickles · ‎03-30-2015

In the Firewall and IPS design guide, there are switches on the outside of the firewall, before the internet edge routers. What is the purpose of these switches on the outside? What benefit does one gain by having them in place? The guide can be found here.

Jon Marshall · ‎03-30-2015

Scott

I don't know whether there is a specific diagram you were referring to but as a general answer.

If your firewalls are running as a pair then they need their outside interfaces in the same IP subnet.

You could not connect them directly to the routers because then each interface would have to use a different IP subnet.

So you use switches and place the outside interfaces of the firewalls and the inside interfaces of the routers into the same vlan/IP subnet.

Jon

View solution in original post

Jon Marshall · ‎03-30-2015

Scott

I don't know whether there is a specific diagram you were referring to but as a general answer.

If your firewalls are running as a pair then they need their outside interfaces in the same IP subnet.

You could not connect them directly to the routers because then each interface would have to use a different IP subnet.

So you use switches and place the outside interfaces of the firewalls and the inside interfaces of the routers into the same vlan/IP subnet.

Jon

Firewall Design Guide - Outside Switches