Why not connect the firewall in this way?

Maivakov
Level 1
Assume two firewalls, FW1 and FW2.

Behind FW1 is router1 and behind FW2 is router2, doing a GRE tunnel.

Traditionally, FW1 inside connects to the router1 uplink.

Why doesn't the peer link between router 1 and router 2 also pass through the same firewalls, FW1 and FW2?

router 1  <-- FW1 between the peer link ---> router 2

router 1  <-- FW2 between the peer link ---> router 2

 

Why doesn't the LAN port also pass through the same firewalls, FW1 and FW2, in order to see the traffic before it enters the tunnel?

FW1  <----- router 1   <----- FW1

FW2  <----- router 2  <------ FW2

 

2 Replies

Sorry, can you elaborate more?

MHM

I think the same firewall can be utilized at least three times, when the subnets are different.

Besides the router uplink to the firewall, why doesn't the peer link between the routers also pass through the firewall, to see the traffic failing over from MPLS to Internet VPN and from Internet VPN to MPLS? Third, why doesn't the downlink also pass through the same firewall, to see the traffic before it enters the tunnel? Is looping the reason? I find a cloud router can connect in this way. So, curious why the firewall is utilized only one time, at the uplink?
