Beginner

Best practice Router Position

Hi 

In a collapsed layer design network, should the router be attached to the Aggregation / Core switch directly? (i.e. Aggregation Switch --> Router --> internet)

(Note: Firewall is also attached to a port of switch) 

Alternatively Aggregation Switch -->Firewall-->router-->internet

Thanks 

Arshad

 

11 REPLIES
Hall of Fame Master

Arshad

I would think that firewall > router > Internet would be the more common implementation.

HTH

Rick

Beginner

The issue is, I have the same set of another equipment. My firewalls are clustered (same config). I want to run iBGP on the routers, as the routers are running eBGP/iBGP and the firewalls are clustered. Is there any way or not? In the 1st approach I have security concerns, mainly.

Router---f/w------ agg sw----agg sw---f/w-----router

Thanks

Hall of Fame Master

I do not understand what you are saying here. Your original question asked about Best Practices and we have provided answers about Best Practice. Now you seem to be asking about a particular implementation which is not well described.

In my experience it does not make much difference whether firewall is clustered or not in terms of what kind of device connects to what kind of device.

What does running BGP have to do with the order in which devices are connected?

HTH

Rick

Rising star

Alternatively Aggregation Switch -->Firewall-->router-->internet

If you have a firewall (which you should really) then this is fine for an approach.

I don't see an issue connecting your Internet Edge to the Aggregation switch in a collapsed core model. 

Beginner

I need help. Currently my company network is like this: WAN --> Router --> switch | |--> Firewall, which is not secure. I want to change the configuration to: WAN --> Router --> Firewall --> Switch. Do I need to configure anything on the Router and Firewall? Please help me. Thanks
Hall of Fame Master

Your description fails to tell us where the network of users who need to be protected is. Depending on the configuration of VLANs and routing, it is possible that in the topology you describe all user traffic flows through the firewall on its way to the Internet, and in that case I do not see why it would not be secure. But you know more about your network than we do, and if you say that it is not secure then we must work from that assertion.

If you are going to make the change that you suggest then certainly some config changes need to be made. It is likely that interface address changes will be required for the new topology. And likely that some changes in vlans and in routing may be needed. But since we do not know the details of your network we are not able to give you advice on specific changes.

HTH

Rick

Beginner

Thanks for your quick response. I've attached an attachment. Please have a look. Does it help you to have an idea about my network? Please help me.

Hall of Fame Master

Thank you for the additional information. Clearly in the proposed environment all traffic from the switch going to the router must go through the firewall. As I explained in my previous post, in the original environment, depending on the configuration of VLANs and of routing, it is possible that all user traffic going from the switch to the router would still go through the firewall. Or it is possible that some user traffic might go from switch to router without going through the firewall.

So we need more details of the current configuration to advise whether changes need to be made for the new environment.

HTH

Rick

Beginner

I'm trying to make you understand my network and attached another file. Sorry if I'm unable.

All user traffic will go to the router through the firewall, because I want that from external (WAN) no one can access our network.

I would like to add here that I've configured VPN tunneling and OSPF. If I connect the firewall to the router, do I have to configure that router port? Will the physical connectivity ensure the connectivity, or do I have to configure something on the router and the firewall?

Hall of Fame Master

The new picture is interesting. It is likely that you will need to change some things in the configuration when you move the firewall. Likely interface address on one or both may change. Probably some changes will be needed on router for routes and perhaps some changes in routes on the firewall.

HTH

Rick

Beginner

Thanks for the reply. But what type of change do I need here? Do I have to configure the port? I can configure an IP address; do I have to configure anything else additionally? Please help me.