Screening router

DCD Member Posts: 473
Should you use a router in front of your firewall? And why would you in the first place? I've seen it a couple of times but nobody can say why it was done.

Comments

  • pevangel Member Posts: 342
    I know one reason is because ASAs don't support BGP. I don't know if any newer ones do, but most customers that I've dealt with have ASAs that don't support BGP.
  • Jobene Member Posts: 63
    ASA X does ;)

    I always put a router in front (with hardening) and then behind the ASA!
    Pro: fewer performance problems on the ASA
    Con: You need public addresses between the router and ASA for NAT
  • docrice Member Posts: 1,706
    Plus if you do some basic filtering on the router interfaces, you reduce the amount of random Internet radiation (automated portscans, etc.) from hitting your firewall and creating excessive log noise, which in turn helps make your logs easier to parse, store, and ultimately read.

    It does mean additional hardware in the path, which can have problems, of course.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • DCD Member Posts: 473
    Thanks for the insight.
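
The log-noise point in docrice's comment can be checked against your own firewall logs before adding a router. The sketch below is an added example, not part of any post in the thread: it replays deny-log lines through a stateless screening policy and reports how many would never have reached the firewall. The log format, the bogon list, the port set and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed screening policy for the router's Internet-facing interface.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
NEVER_OFFERED_PORTS = {23, 135, 445, 3389}  # assumption: services never published

# Constructed firewall deny-log lines (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2024-05-01T00:00:01Z DENY tcp 198.51.100.7:51000 -> 203.0.113.10:23
2024-05-01T00:00:02Z DENY tcp 10.9.8.7:40000 -> 203.0.113.10:443
2024-05-01T00:00:03Z DENY tcp 198.51.100.9:51234 -> 203.0.113.10:445
2024-05-01T00:00:04Z DENY tcp 198.51.100.9:51235 -> 203.0.113.10:8443
2024-05-01T00:00:05Z DENY udp 192.168.1.5:5353 -> 203.0.113.10:5353
2024-05-01T00:00:06Z DENY tcp 198.51.100.20:60000 -> 203.0.113.10:22
this line is malformed and must stay visible
"""

LINE_RE = re.compile(r"^\S+ DENY (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")

def screened_at_router(line):
    """Return the reason the router would drop this packet, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparsable lines are kept, never silently discarded
    try:
        src = ipaddress.ip_address(m.group(2))
    except ValueError:
        return None
    if any(src in net for net in BOGON_SOURCES):
        return "bogon-source"  # private/loopback source arriving from the Internet
    if int(m.group(5)) in NEVER_OFFERED_PORTS:
        return "never-offered-port"
    return None

def split_log(text):
    """Partition log lines into (still reach the firewall, dropped upstream)."""
    kept, dropped = [], []
    for line in text.splitlines():
        reason = screened_at_router(line)
        (dropped if reason else kept).append((reason, line))
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = split_log(SAMPLE_LOG)
    print(f"{len(dropped)} of {len(kept) + len(dropped)} lines never reach the firewall")
```

Lines that fail to parse stay in the "kept" set on purpose, so a format change shows up as extra firewall-side entries instead of a falsely optimistic reduction figure.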