Re: Questions about network design

Bobbytt10 · ‎08-31-2008

1. Is it possible to use a firewall (netscreen, PIX) as an edge device connecting a network to the internet

2. Is it recommended to use these devices as edge devices, or is it recommended to use a router as the edge device and have these devices located behind the router and why?

Thanks for any help.

ohassairi · ‎09-01-2008

if you have internet access via Leased Line or Frame relay then you need a router to connect to wan.

but if your ISP offer internet via ADSL for example then you can connect your forewall to the adsl via Rj45 cable.

Marwan ALshawi · ‎09-01-2008

ok about first question the answer Yes you can

about the second question

the answer is really depends on ur network size, ur goal, the type off traffic and ISP link, and the budget as well

but let me give u an idea to know how to chose in general

from networking prespective it is better to have a router on the network edge because router can handel network traffic fron routing prespective better for example u can use policy based routing in a router while with the firewall u cant, i fu have more than on isp link u can do loadbalancing while with firewall u cant, also if u have routing with ur isp such as BGP firewall dosnt support BGP

as i told u u can use firewall but router much more flexable than a firewall

but also it depends if u have samll office with ADSL firewall enough in this case

furthurmore router on the network edge with VOIP better than firewall because router have much more support and features for voip and policies

FROM SECURITY prespective

it is better to have arouter in the edge to do packect inspection with ACLs this is first security layer

the second security layer is the firewall behind the edge router also known as permiter router

this firewall will inspect the permited traffic coming from the edge router

so this will make higher level of security

good luck

if helpful Rate