miras
Contributor

SD-WAN connectivity to the Internet

From a security perspective, would it be OK to connect the SD-WAN appliance directly to the Internet, or should it be connected behind the firewall with a 1-to-1 static NAT configured?

1 ACCEPTED SOLUTION

tahiali
Cisco Employee

It is perfectly fine to connect the SD-WAN appliance directly, as it has built-in security mechanisms like control plane rate policing, implicit ACLs, etc.

The appliance will only be responding to communications from authenticated controllers, vEdges or legitimate user traffic, or to the services traffic you manually allow, like DHCP, DNS, etc.

Also, SD-WAN with 18.4 can now have a firewall, IPS, DNS security and URL filtering device (with some hardware exceptions).

Still, if you need a firewall, it can sit behind a NAT device as well.
