
Cisco cEdge with Firewall

RS19
Level 4

Would like to check with you regarding the below point.

- Is it best practice to have a hardware firewall in front of the Cisco SD-WAN devices as part of security?

Is it best practice or recommended practice to put the firewall?

3 Replies

RS19
Level 4

Any inputs?

It depends. If you use NAT for a localised internet breakout, then I would suggest using a firewall. If you just plug the internet circuit into the router, have the interface be part of VPN 0 (Underlay), use it only to terminate the DTLS/BFD tunnels, then it "should be" secure. Just disable SSH, ICMP, etc. on that interface. It's supposed to be a hardened interface, and they keep track of the packet based on the TCP sequence numbers, which limits the chances of anyone hijacking the session / man-in-the-middle.

 

Double-check with your Cisco reps though and share your findings. It's been a while since I looked into the details around this. 
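
The interface hardening suggested in the reply above can be checked against a saved configuration. This is an added example, not part of the original thread or any Cisco tooling; the sample config is constructed and modelled on the layout of `show sdwan running-config`, and the function name `audit_tunnel_services` is hypothetical. It only sees explicit `allow-service` lines, so services that are on by default and not printed in the config are not reported.

```python
import re

# Services the reply suggests turning off on the internet-facing VPN 0
# interface; "all" is included because it would re-enable both.
RISKY = {"sshd", "icmp", "all"}

# Constructed sample (assumption: layout follows `show sdwan running-config`).
SAMPLE_CONFIG = """\
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service icmp
   allow-service sshd
   no allow-service netconf
  exit
 exit
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec
   no allow-service all
   no allow-service icmp
   no allow-service sshd
  exit
 exit
"""

def audit_tunnel_services(config_text, risky=RISKY):
    """Map each interface to the risky services explicitly allowed on its tunnel-interface."""
    findings, iface, in_tunnel = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            iface, in_tunnel = m.group(1), False
        elif line == "tunnel-interface":
            in_tunnel = True
        elif line == "exit":
            # The first exit closes tunnel-interface, the next one the interface.
            if in_tunnel:
                in_tunnel = False
            else:
                iface = None
        elif m := re.fullmatch(r"(no )?allow-service (\S+)", line):
            # Only a positive "allow-service X" inside a tunnel-interface counts.
            if iface and in_tunnel and not m.group(1) and m.group(2) in risky:
                findings.setdefault(iface, []).append(m.group(2))
    return {name: sorted(svcs) for name, svcs in findings.items()}

if __name__ == "__main__":
    for name, svcs in audit_tunnel_services(SAMPLE_CONFIG).items():
        print(f"{name}: allowed on tunnel-interface -> {', '.join(svcs)}")
```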

Thanks.

I am planning to use a Cisco ISR router with an IOS XE image.

So wanted to check if IOS XE SD-WAN functionality has robust firewall functionality?

 
