cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1048
Views
15
Helpful
3
Replies
Enthusiast

BGP in Firewall

Hello All - Why do Cisco promoted  BGP in their Firewalls ASA/PIX till recently. I know the famous saying that it is good to have Routing Function separately from Firewall. But why does we prevent BGP peering with Firewall though OSPF/EIGRP/RIP has been supported since beginning?

Just a conceptual thought process

regards,

Sairam

3 REPLIES 3

For me, I would separate the

For me, I would separate the two.  Depending on your BGP setup and what your expecting your firewall to stop in terms of traffic, you could be asking too much of one device.

Regards,  Kevin

Hi,I can give you an example

Hi,

I can give you an example where BGP would be usefull (specially in a multi-context mode where dynamic routing wasn't supported):

Main DC    |         Recovery DC

---- Internet ISP1/ISP2 ------

      |                            |

    R1                         R2

      |                            |

    FW                         FW --- DMZ????

      |                            |

   CORE      -----      CORE   

You would need to place the DMZ somewhere behind the Core and not directly near the first firewall as it would not know how to switch the default route.

Now with BGP on the firewall you can exit through any site.

Traian

 

 

 

Highlighted
Rising star

My guess is that maybe Cisco

My guess is that maybe Cisco didn't have sufficient demand from their customers to run BGP on their firewalls. Therefore they focussed their engineering efforts on developing other firewall features.

CreatePlease to create content
Content for Community-Ad