Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
1
Replies

Advice: Firewall behind router

matthew.norman
Level 1
Level 1

‎08-23-2016 06:42 AM - edited ‎03-08-2019 07:07 AM

Hello all,

I have been doing a bit of reading and most articles have suggested that it is better to have an edge router with the firewall sitting behind the router.

In this case would you still control access to the internal network using the firewall or would you do it on the router with access lists?

What other purpose would the firewall have if the router takes over access control?

Regards

Matt

Labels:
0 Helpful
1 Reply 1

Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee

‎08-23-2016 02:09 PM

Hello matthew.norman@ers.com,

In my humble opinion, if the the case is Firewall --> Router --> ISP, I would let the Firewall do its duty managing the rules on it. Since Firewalls are there for that purpose, those usually have more advance features to log the allowed/blocked traffic.

Cisco Routers have the 'log' parameter that can be appended to an ACL. However, I would not use that command to monitor all the traffic since it might increase the CPU on the Router. That feature should be used only for troubleshooting purposes.

I hope this helps.

Best Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card