01-07-2019 07:54 AM - edited 03-08-2019 05:33 PM
From security perspective, would it be OK to connect the SD-WAN appliance directly to the Internet, or should it be connected behind the firewall with a 1 to 1 Static NAT configured?
Solved! Go to Solution.
01-07-2019 08:03 AM - edited 01-09-2019 02:36 PM
It is perfectly fine to connect sdwan appliance directly as it has built in security mechnism like control plane rate policing implict acls etc
the appliance will only be responding to communications from authenticated controllers , vedges or legitimate user traffic or to the services traffic u manuualy alow like dhcp dns etc
also sdwan with 18.4 can now have a firewall ips dns security and url filterting device (with some hardware exceptions)
still if you need a firewall it can sit behind a nat device as well
01-07-2019 08:03 AM - edited 01-09-2019 02:36 PM
It is perfectly fine to connect sdwan appliance directly as it has built in security mechnism like control plane rate policing implict acls etc
the appliance will only be responding to communications from authenticated controllers , vedges or legitimate user traffic or to the services traffic u manuualy alow like dhcp dns etc
also sdwan with 18.4 can now have a firewall ips dns security and url filterting device (with some hardware exceptions)
still if you need a firewall it can sit behind a nat device as well
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide