Firewall Router Switch Best Practice

jah8887jah8887 Member Posts: 81 ■■■□□□□□□□
I am doing some best practice research for a small business. It has come up a lot before online I found out with the debate of Firewall first before router and vice versa. They have a Cisco ASA, 4300 Cisco Router series, and a Cisco SG550x 24 port switch. Comcast business Class is their ISP. I did some background research and there will be no webservers or VPNS needed etc.

I was debating between one of these 2

ISP > ASA > Router > Switch - My recommendation

ISP > Router > ASA > Switch

Any one else have recommendations on best practice?


  • macariusmacarius Registered Users Posts: 4 ■■□□□□□□□□
    what about this other option ?

    ISP > ASA > Switch
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    It all depends on what you're doing. i.e. Are you doing VPN? If so, what kind of VPN? Where is the VPN going to be terminated on? Are you going to NAT? Where does the NAT need to be placed? etc etc etc
    BS, MS, and CCIE #50931
  • jah8887jah8887 Member Posts: 81 ■■■□□□□□□□
    After talking some more I have a better idea of what they want done. I will list them below

    1. They have 2 Cisco WAPs which one would be used for guest wireless and one for business wireless

    2. They have a server (Regular File server) they would like it on a different sub net but be able to communicate with their business pcs, which is /24 at the moment.

    3. They plan on potentially expanding the network later on if all goes according to plan.

    4. Also no remote access, DMZ, or VPN will be needed as of now.

    Thanks all for the replies.
Sign In or Register to comment.