Why use both a router and a firewall?

Mitrixsen
Level 1

Hello, everyone.

I've just started studying about firewalls for my ENCOR exam and I have a question.

What are some reasons to have a router in addition to a firewall? Like in this example from NetworkLessons.com

firewall-location-network.png

Sorry for the poor quality, the original image looks good, not sure why it looks so blurry here. From what I've read, firewalls can perform routing, NAT, have IPSec tunnels configured, and even support BGP.

So what are some reasons to have both a firewall and a router and not just use the FW instead?

Thank you.

David

 

4 Accepted Solutions


Not always. FWs have security features not found in routers, like malware and SSL decrypt inspection, etc.

But Cisco has newly introduced Zone FW, which is a router with some security features, and it is perfect for a branch site.

MHM

One of the reasons I would think of is this particular situation - if you are running BGP with your providers and are getting the full internet table from your providers, this will require a dedicated router with enough CPU power and memory to accommodate the full internet table.

Firewalls do run BGP and other routing protocols, but they are not designed to handle the full internet table.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***

M02@rt37
VIP

Hello David,

While modern firewalls are indeed capable of routing, NAT, IPSec, and even BGP and so on, having both a router and a firewall in a network offers several advantages.

Routers are specialized in forwarding traffic efficiently across large networks, handling complex routing protocols (like BGP or OSPF), and offering scalability for routing decisions and path selection. Firewalls, on the other hand, are focused on providing security, such as filtering traffic, preventing unauthorized access, and inspecting traffic for threats as @MHM Cisco World mentioned.

By using both devices, you can offload routing tasks to the router, allowing the firewall to concentrate on security duties without compromising performance. Additionally, having separate devices helps in creating a clear separation of roles, making network management easier and improving troubleshooting, as each device handles its specific function. This separation can also enhance network scalability, redundancy, and resilience in larger, more complex environments, no?

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Joseph W. Doherty
Hall of Fame

Huh, you're questioning why you need to buy two network devices rather than just one? Or perhaps you're questioning why you need to buy three (FW/router/L3-switch) rather than just one?

M02@rt37's reply is probably the perfect answer that an exam would look for. But, real world marketing comes into play too, as there are benefits, and disadvantages, to both sellers and buyers.

I only mention this to keep in mind when designing real networks, certification exams often emphasize the "best" possible rather than what's good enough.

6 Replies

Yes, correct.

Money, money.

It is the language of the world.

MHM

:))

   

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.