Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1677
Views
0
Helpful
2
Replies

ISP termination on ISR vs Firewall

Go to solution
kumarmh91282
Level 1
Level 1

‎12-06-2021 05:36 AM

Hi All,

 

After a long debate with my colleague for the topic mentioned here.

 

For any Enterprise Network:   what would be the Pros and Cons for 

 

Terminating Internet lease lines on ISR Routers  vs Terminating Internet Lease lines on Next Generation Firewalls.

 

And also Enterprise network design guide/ Best practices recommendations (I know I'm talking about a very big topic here)

 

Please help me with your Guidance/Suggestions and Industry best practices.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-06-2021 06:58 AM 

Terminating Internet lease lines on ISR Routers  vs Terminating Internet Lease lines on Next Generation Firewalls.

Both solution Viable, depends on requirement. Now a Days NGFW can able to handle this ( NGFW is FW dedicated role with other limited Options when come to Routing and other tuff)

 

if you looking to some IGP/ BGP peering - i would advise to use Router.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎12-06-2021 07:47 AM

I agree with @balaji.bandi, either is viable.

However, I believe best practice would still be to have both.

Why?  Well each, generally, does some "things" better than the other.

Routers tend to do routing functions better, including things like QoS (some of the "stuff" Balaji alludes to).

FWs tend to do transit traffic security, both in and out, better.  They also might also do other "stuff" better, like VPN support.

Also as Balaji mentions, if your routing requirements are light, a FW often is all you need.  Or, conversely, if you have limited transit security needs, a router, alone, often is all you need.

An example of a former is a FW with a default route to a single ISP and one, or perhaps few, routes pointing to a next hop internally.

An example of the latter is a router only allowing VPN traffic with no local Internet access.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-06-2021 06:58 AM 

Terminating Internet lease lines on ISR Routers  vs Terminating Internet Lease lines on Next Generation Firewalls.

Both solution Viable, depends on requirement. Now a Days NGFW can able to handle this ( NGFW is FW dedicated role with other limited Options when come to Routing and other tuff)

 

if you looking to some IGP/ BGP peering - i would advise to use Router.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎12-06-2021 07:47 AM

I agree with @balaji.bandi, either is viable.

However, I believe best practice would still be to have both.

Why?  Well each, generally, does some "things" better than the other.

Routers tend to do routing functions better, including things like QoS (some of the "stuff" Balaji alludes to).

FWs tend to do transit traffic security, both in and out, better.  They also might also do other "stuff" better, like VPN support.

Also as Balaji mentions, if your routing requirements are light, a FW often is all you need.  Or, conversely, if you have limited transit security needs, a router, alone, often is all you need.

An example of a former is a FW with a default route to a single ISP and one, or perhaps few, routes pointing to a next hop internally.

An example of the latter is a router only allowing VPN traffic with no local Internet access.

0 Helpful
Top