Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
175
Views
0
Helpful
2
Replies

why not firewall connect in this way?

Maivakov
Level 1
Level 1

‎07-08-2024 12:47 AM

Assume two Firewall FW1 and FW2

behind FW1 is router1 and behind FW2 is router2 which doing GRE tunnel

traditional FW1 inside connect router1 uplink

why not the peer link between router 1 and router 2 also pass through the same firewall FW1 and FW2

router 1  <-- FW1 between the peer link ---> router 2

router 1  <-- FW2 between the peer link ---> router 2

 

why not the LAN port also pass through the same firewall FW1 and FW2 in order to see the traffic before entering tunnel?

FW1  <----- router 1   <----- FW1

FW2  <----- router 2  <------ FW2

 

Labels:
0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎07-08-2024 04:46 PM

Sorry can ypu more elaborate 

MHM

0 Helpful

Maivakov
Level 1
Level 1
In response to MHM Cisco World

‎07-09-2024 02:27 AM - edited ‎07-09-2024 02:27 AM

I think same firewall can be utilized at least three times, when subnet are different.

besides router uplink to firewall, why not the peer link between routers also pass through firewall for seeing the traffic failover from MPLS to Internet VPN and Internet VPN to MPLS? third is why not downlink also pass through the same firewall to see the traffic before enter Tunnel ? is it looping reason ? I find cloud router can connect in this way. So, curious why firewall only utilize only one time at uplink?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card