Home
Certification Preparation
Cisco
CCNP
CCNP Security
Screening router
DCD
Should you use a router in front of your firewall ? And why would you in the first place? I've seen it a couple of time but nobody can say why it was done.
Find more posts tagged with
Comments
pevangel
I know one reason is because ASAs don't support BGP. I don't know if any newer ones do, but most customers that I've dealt with have ASAs that don't support BGP.
Jobene
Asa X does
I always put a router in front ( with hardening ) and than behind the asa!
Pro: less performanceproblems on the asa
Con:You need Publicaddresses between router and asa for nat
docrice
Plus if you do some basic filtering on the router interfaces, you reduce the amount of random Internet radiation (automated portscans, etc.) from hitting your firewall and creating excessive log noise, which in turn helps make your logs easier to parse, store, and ultimately read.
It does mean an additional hardware in the path which can have problems, of course.
DCD
Thanks for the insight.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
