Questions about network design

Unanswered Question
Aug 31st, 2008
User Badges:

1. Is it possible to use a firewall (netscreen, PIX) as an edge device connecting a network to the internet


2. Is it recommended to use these devices as edge devices, or is it recommended to use a router as the edge device and have these devices located behind the router and why?


Thanks for any help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
ohassairi Mon, 09/01/2008 - 01:58
User Badges:
  • Silver, 250 points or more

if you have internet access via Leased Line or Frame relay then you need a router to connect to wan.

but if your ISP offer internet via ADSL for example then you can connect your forewall to the adsl via Rj45 cable.


Marwan ALshawi Mon, 09/01/2008 - 02:02
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

ok about first question the answer Yes you can


about the second question

the answer is really depends on ur network size, ur goal, the type off traffic and ISP link, and the budget as well


but let me give u an idea to know how to chose in general


from networking prespective it is better to have a router on the network edge because router can handel network traffic fron routing prespective better for example u can use policy based routing in a router while with the firewall u cant, i fu have more than on isp link u can do loadbalancing while with firewall u cant, also if u have routing with ur isp such as BGP firewall dosnt support BGP


as i told u u can use firewall but router much more flexable than a firewall

but also it depends if u have samll office with ADSL firewall enough in this case


furthurmore router on the network edge with VOIP better than firewall because router have much more support and features for voip and policies


FROM SECURITY prespective

it is better to have arouter in the edge to do packect inspection with ACLs this is first security layer

the second security layer is the firewall behind the edge router also known as permiter router

this firewall will inspect the permited traffic coming from the edge router

so this will make higher level of security


good luck


if helpful Rate

Actions

This Discussion