Please find the attached diagram. My question is: I am not the one managing the FW, and most of the traffic passes through the FW, from R1 to R2 to FW. What will happen if I put a route from R2 that will pass through R3 to reach the other network? Will this be OK, even though I already have a route to the other network that passes through the FW? Which one will be used? Thanks.
Firewalls are very sensitive to asymmetric routing, and they usually don't allow flows if they see only the packets in one direction.
That said, if the static route that you add is comparable to the one already existing to the FW, R2 will try to load balance traffic on the two static routes: some flows (defined by IP SA and IP DA) will be sent out the link to the FW and others will be sent to R3.
Now, on the return path the same problem happens on R3:
without any change, traffic will probably go to the FW, with the possible problems described above.
From a security point of view the link between R2 and R3 should not be present at all, because it provides a potential bypass of the FW.
I would contact the FW admin and ask to change the FW config to allow the traffic you need.
Bypassing the FW is not a good idea: should an attack be performed against your network and someone later investigate it, they will find this weakness.
As I wrote above that link between R2 and R3 should not exist for a clean security design.
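The behaviour described in the answers above, modelled as an added example that is not part of the original thread: it walks each flow's forward and return path through the static routes and reports whether the FW sees both directions. The thread's diagram is not on the page, so the topology (including an FW-to-R3 link), the addresses and the XOR flow hash are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (the thread's diagram is not on the page). Each node maps a
# destination side to its equal-cost next hops: "lan" is behind R1, "remote" behind R3.
ROUTES = {
    "R1": {"remote": ["R2"], "lan": ["LAN"]},
    "R2": {"remote": ["FW", "R3"], "lan": ["R1"]},  # existing route via FW + added route via R3
    "FW": {"remote": ["R3"], "lan": ["R2"]},
    "R3": {"remote": ["REMOTE"], "lan": ["FW"]},     # return route left unchanged
}

def pick(next_hops, src, dst):
    """Per-flow choice keyed on IP SA and IP DA (XOR is a stand-in for the router's hash)."""
    key = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    return next_hops[key % len(next_hops)]

def path(routes, start, side, src, dst):
    """Follow next hops from `start` until the packet leaves the routed nodes."""
    hops = [start]
    while hops[-1] in routes:
        if len(hops) > len(routes) + 1:
            raise ValueError("routing loop")
        hops.append(pick(routes[hops[-1]][side], src, dst))
    return hops

def audit(src, dst, routes=ROUTES):
    """Return (forward path, return path, verdict) for one LAN-to-remote flow."""
    fwd = path(routes, "R1", "remote", src, dst)
    ret = path(routes, "R3", "lan", dst, src)
    fwd_fw, ret_fw = "FW" in fwd, "FW" in ret
    if fwd_fw and ret_fw:
        verdict = "symmetric through FW"
    elif fwd_fw or ret_fw:
        verdict = "asymmetric: FW sees one direction only"
    else:
        verdict = "FW bypassed in both directions"
    return fwd, ret, verdict

if __name__ == "__main__":
    # Constructed sample flows (documentation/private address ranges).
    for src in ("10.0.0.1", "10.0.0.2"):
        fwd, ret, verdict = audit(src, "192.0.2.10")
        print(src, "->".join(fwd), "|", "->".join(ret), "|", verdict)
```

Passing a route table in which R3 also returns traffic over the direct link shows the other outcome raised in the thread: the affected flows never touch the FW at all.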