Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
0
Helpful
4
Replies

Need firewall?

ciscors
Level 1
Level 1

‎04-23-2007 08:08 AM

Hey guys

I know very little about MPLS except it provides a company connectivity to

its global offices. I have a client that is going for to AT&T for MPLS

service for its 15 global locations. My question is:

Do I need a firewall to protect this company from AT&T's other customers?

Note: The company wants unrestricted IP connectivity between its offices

I do understand that using MPLS tags, no other AT&T customer would be able

to send traffic to my client's network as MPLS is kind of a VPN (private

network connected via public backbone). However, do most engineers rely

fully on this security or they prefer to have a firewall at each office

anyways?

Thank you

Labels:
0 Helpful
4 Replies 4

mohammedmahmoud
Level 11
Level 11

‎04-24-2007 03:08 AM

Hi there,

As you said, MPLS VPN uses tags (labels) and other stuff to make sure that the customers are secure and completely isolated from each other (we can say that MPLS is highly secure. It's security is equivalent to that found in traditional Layer 2 networks such as Frame Relay or ATM), however if you have an internet access or your security policy requires a detailed security measures you can then use a firewall, but most of the customers rely on MPLS VPNs without firewalls.

HTH, please rate if it does help,

Mohammed Mahmoud.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎04-24-2007 04:22 AM

Hi

Agree with everything Mohammed said. What i would add is that it really depends on what level of security your customer requires. Some companies with high levels of security implement IPSEC VPN's across their MPLS VPN which adds a further layer of protection in terms of security.

It is unlikely but it just takes a misconfiguration by the SP and your traffic could be leaked to another customer and vice-versa.

Having said that we use an SP MPLS network and we rely purely on the MPLS VPN for segregation of traffic.

HTH

Jon

0 Helpful

ciscors
Level 1
Level 1
In response to Jon Marshall

‎04-24-2007 05:42 AM

Taking both your points, what if the customer is passing confidential data over the MPLS VPN and wants to make sure that even the service provider doesn't have the capability to view that data. In that case, his requirement would definitely dictate IPsec as the service provider definitely retains the capability to look into that data since its passing through their routers.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to ciscors

‎04-24-2007 05:55 AM

Hi

Correct and that is another reason that customers might well run IPSEC over the top of the MPLS VPN.

Of course it gets to the point that if you really have that high a level of security you may end up putting your own links in.

HTH

Jon

0 Helpful
Customers Also Viewed These Support Documents