09-19-2019 11:10 PM - edited 02-21-2020 09:45 PM
Hi ,
Please do me a favor and let me ask about IPSec return traffic and WAF traffic.
I also want to know about the WAF.
Please see the diagram below and let me know whether it should be like this or not. I want to forward HTTP/HTTPS traffic only to the WAF and the return traffic directly to the firewall. All other kinds of incoming and outgoing traffic also pass through the firewall.
09-22-2019 08:51 AM
09-22-2019 08:09 PM - edited 09-22-2019 08:22 PM
Hi ,
1. I just want to know whether traffic can go like no. 1 or not. I just want to know what will happen if I run it like that diagram. I didn't use that method. I am running one as active and one as fail-over.
2. Can I use PBR and a normal route together in one firewall? I mean I push HTTP/HTTPS traffic to the WAF by using PBR, and normal traffic will use the main routing table. My FW supports PBR as well. Is it possible? And I forgot to add the router in the previous diagram. Please see the diagram below, which is the correct diagram. All return traffic is managed by this router. The next hop for all return traffic is the FW interface. If the route is asymmetrical, will my FW drop my return traffic?
3. Let me know where the best-practice location for a WAF is: in front of the firewall or behind the firewall?
09-23-2019 02:32 AM
Hi,
1. You could use a static route; however, if the first hub failed the static route would remain in place and blackhole the traffic (unless you combine it with IP SLA/tracking). Hence why using a routing protocol would be better.
2. Depends on your firewall, but yes, you can use PBR to redirect traffic to the WAF and use the static default route as the next hop for all other traffic. I don't see why traffic would be asymmetrical; traffic sourced from the WAF would be routed back to the WAF.
3. The WSA design guide here places the device inside the LAN, but there is no reason why you couldn't put it in a DMZ. There is no need to use two interfaces and act as a router.
HTH
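As an added example (not from the thread, and not tied to any specific firewall model), here is how the two points in the answer above fit together on an IOS-style router/firewall: a tracked default route so a failed hub does not blackhole traffic, and a PBR route-map that redirects only inbound HTTP/HTTPS to the WAF while everything else follows the routing table. Interface names, the WAF address 198.51.100.10, the web server 192.0.2.80 and the hub addresses 203.0.113.1/.2 are constructed placeholders.

```cisco
! Assumed topology (constructed addresses from RFC 5737 documentation ranges):
!   Gi0/0 outside, primary hub 203.0.113.1, backup hub 203.0.113.2
!   Gi0/1 inside LAN 192.0.2.0/24, published web server 192.0.2.80
!   Gi0/2 DMZ holding the WAF at 198.51.100.10
!
! --- Part 1: track the primary hub so the static default route is withdrawn,
!     not left in place, when the hub fails ---
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! Primary default route exists only while track 10 is up; the floating
! static route (administrative distance 10) then takes over via the backup hub.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 10
ip route 0.0.0.0 0.0.0.0 203.0.113.2 10
!
! --- Part 2: PBR only for web traffic to the published server;
!     all other traffic keeps using the main routing table ---
ip access-list extended WEB-TO-WAF
 permit tcp any host 192.0.2.80 eq 80
 permit tcp any host 192.0.2.80 eq 443
!
route-map REDIRECT-TO-WAF permit 10
 match ip address WEB-TO-WAF
 set ip next-hop 198.51.100.10
!
! Apply the policy on the interface where the inbound web traffic arrives.
! Packets that do not match WEB-TO-WAF fall through to normal routing.
interface GigabitEthernet0/0
 ip policy route-map REDIRECT-TO-WAF
!
! Return path: the WAF opens its own connection to 192.0.2.80, so the server's
! replies are routed back to the WAF, and the WAF's reply to the client leaves
! via Gi0/2 -> Gi0/0, the same interfaces the inbound flow used. The stateful
! firewall therefore sees both directions of each session.
```

Before relying on it, verify with `show track 10` and `show route-map REDIRECT-TO-WAF` that the track is up and the policy counters increment only for web traffic.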