03-09-2019 02:00 AM - edited 03-09-2019 02:01 AM
03-09-2019 02:08 AM
Hello,
Which firewall are you planning on installing? Below is the procedure for Checkpoint firewalls...
03-09-2019 02:24 AM
Hi,
If I am considering your point
"I don't want to run OSPF on Firewall. What is the best practice to establish ospf neighbour between Wan Router and core switch. Please suggest solution on this."
Then it looks like you are not fulfilling the OSPF neighborship requirement of being on the same subnet. I don't think there is an issue with OSPF running on the firewall, but if you don't want that due to some network, protocol, or standard of yours, then you can implement a Cisco firewall in transparent mode.
Before proceeding with the transparent mode configuration, also check the firewall documents. Will it fulfill your requirements in transparent mode?
I have a second option: configure a GRE tunnel between the core switch and the WAN router (if supported). But here there is more of an issue with your security configuration: your firewall will not be able to scan the GRE-encapsulated traffic and provide your desired security. Another issue is the performance of your WAN router. Keep in mind that this is not a recommended solution.
Regards,
Deepak Kumar
03-09-2019 02:53 AM
Hello
@Deepak Kumar wrote:
Hi,
If I am considering your point
"I don't want to run OSPF on Firewall. What is the best practice to establish ospf neighbour between Wan Router and core switch. Please suggest solution on this."
Then it looks like you are not fulfilling the OSPF neighborship requirement of being on the same subnet. I don't think there is an issue with OSPF running on the firewall, but if you don't want that due to some network, protocol, or standard of yours, then you can implement a Cisco firewall in transparent mode.
Before proceeding with the transparent mode configuration, also check the firewall documents. Will it fulfill your requirements in transparent mode?
I have a second option: configure a GRE tunnel between the core switch and the WAN router (if supported). But here there is more of an issue with your security configuration: your firewall will not be able to scan the GRE-encapsulated traffic and provide your desired security. Another issue is the performance of your WAN router. Keep in mind that this is not a recommended solution.
Regards,
Deepak Kumar
At the end of the day, what's the point of segregation if you're going to do this?
03-09-2019 02:59 AM
Hi @paul driver
I am not sure, but my consideration was "Currently OSPF is running between my Core Switch and Wan router," a statement made by the original author of this post.
Your point is correct, but he may be using DMVPN/MPLS or other services which currently depend on OSPF, and he is not aware of redistribution or the limitations with this point.
Regards,
Deepak Kumar
03-09-2019 02:47 AM - edited 03-09-2019 02:50 AM
Hello
@Sureshkumar B wrote:
Hi Team, I am planning to segregate Wan Connectivity and Corporate users through Firewall.
So why do you want an OSPF peering between the two? The whole point is to segregate them, correct? So just use static routing so egress/ingress traffic traverses your FW.
03-09-2019 06:38 AM
If the user path is like below:
users---access---core---FW---WAN router (internet)
I suggest that a static route on the FW is the best approach, since it is the default route. That holds until you have a different ISP in the network (then it is a different plan totally).