
Is Firewall needed with IP VPN

winsonlee
Level 1

For a network that is connected to the internet via IP VPN service, is a firewall still needed?

2 Replies

thisisshanky
Level 11

When you say IP VPN service, is it a managed internet service (VPN) where multiple offices connect via VPN?

Adding a firewall is always a good idea, because even with IP VPN service, you are still attached to a service provider's core and it also doesn't mean attacks could come from anywhere within the service provider's cloud. Plus, you can also enforce outbound firewall rules, so that you can restrict what each user can access. You could additionally use a firewall like PIX and Websense for URL filtering. This will also help log what URLs are accessed by each user. If you have public-accessible servers (Web, mail, etc.), even those servers can be put in a DMZ isolated interface of the firewall and you won't have to worry about security breaches into your DMZ affecting your internal network.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Winson

I very much agree with the points made by Sankar. An IPSec VPN only provides protection for the traffic that is being transmitted through the VPN. It provides no protection against any other traffic that might be received. I have deployed many VPN routers where we provide protection against other traffic. I am surprised sometimes at the amount of other traffic, which includes probes of the network and things that are likely attack attempts, which we detect and discard at the edge of the remote network.

Depending on how the VPN is terminated (on an Internet-facing router, or a concentrator or other device behind the edge of the remote network), the firewall might be positioned between the VPN termination and the remote network, in which case it will see all of the traffic and be able to evaluate it. Or the firewall might be between the VPN termination and the remote network edge, in which case it will see the IPSec traffic but not be able to evaluate it, while it can evaluate all other traffic.

HTH

Rick
