12-06-2021 05:36 AM
Hi All,
After a long debate with my colleague on the topic mentioned here:
For any Enterprise Network: what would be the Pros and Cons for
Terminating Internet lease lines on ISR Routers vs Terminating Internet Lease lines on Next Generation Firewalls.
And also Enterprise network design guide / best practices recommendations (I know I'm talking about a very big topic here).
Please help me with your Guidance/Suggestions and Industry best practices.
12-06-2021 06:58 AM
Terminating Internet lease lines on ISR Routers vs Terminating Internet Lease lines on Next Generation Firewalls.
Both solutions are viable; it depends on the requirement. Nowadays an NGFW is able to handle this (an NGFW is a FW-dedicated role with other limited options when it comes to routing and other stuff).
If you are looking at some IGP/BGP peering, I would advise using a router.
12-06-2021 07:47 AM
I agree with @balaji.bandi, either is viable.
However, I believe best practice would still be to have both.
Why? Well, each, generally, does some "things" better than the other.
Routers tend to do routing functions better, including things like QoS (some of the "stuff" Balaji alludes to).
FWs tend to do transit traffic security, both in and out, better. They also might do other "stuff" better, like VPN support.
Also as Balaji mentions, if your routing requirements are light, a FW often is all you need. Or, conversely, if you have limited transit security needs, a router, alone, often is all you need.
An example of the former is a FW with a default route to a single ISP and one, or perhaps a few, routes pointing to a next hop internally.
An example of the latter is a router only allowing VPN traffic with no local Internet access.