07-08-2024 12:47 AM
Assume two firewalls, FW1 and FW2.
Behind FW1 is router1 and behind FW2 is router2, doing a GRE tunnel.
Traditionally, FW1 inside connects to the router1 uplink.
Why not have the peer link between router 1 and router 2 also pass through the same firewalls, FW1 and FW2?
router 1 <-- FW1 between the peer link ---> router 2
router 1 <-- FW2 between the peer link ---> router 2
Why not have the LAN port also pass through the same firewalls, FW1 and FW2, in order to see the traffic before it enters the tunnel?
FW1 <----- router 1 <----- FW1
FW2 <----- router 2 <------ FW2
07-08-2024 04:46 PM
Sorry, can you elaborate more?
MHM
07-09-2024 02:27 AM - edited 07-09-2024 02:27 AM
I think the same firewall can be utilized at least three times when the subnets are different.
Besides the router uplink to the firewall, why not have the peer link between the routers also pass through the firewall, to see the traffic fail over from MPLS to Internet VPN and from Internet VPN to MPLS? Third, why not have the downlink also pass through the same firewall, to see the traffic before it enters the tunnel? Is looping the reason? I find that a cloud router can connect in this way. So I am curious why the firewall is utilized only one time, at the uplink.