Hi All,

We have 2 Gigabit Ethernet Internet links from different ISPs (1 on fibre and the other on copper), delivered recently. We are doing multihoming and a Firewall will sit between the WAN edge and the LAN.

I am here to get some inputs on whether to go with a Router or a Catalyst.

1. If Router, which one to go for.

2. If Catalyst, is it not overkill and underutilized?

Thanks in advance,


There are some aspects of your topology that should be clarified before we can give you a really good answer. If you have 2 Gig links (from different ISPs) will they connect to the firewall? If so the number and type of Internet connection will not matter in terms of whether to get a router or a Catalyst switch.

Something else that you need to think about is how the firewall will utilize 2 outbound Internet links. Many firewalls do not utilize 2 outside interfaces. Or will there be 2 firewalls?

It would also be good to know about the interior of your network. What is providing connectivity for your interior network? If you already have a core switch then it might make better sense to use a router for Internet connectivity. Or perhaps it is a possibility to use a Catalyst switch and let it function as both the core switch and the Internet gateway.

So give us some more information about your environment and perhaps we can give you better answers.



Hi Rick,

Thanks for the response,

We are implementing a Firewall in HA that will connect to the Internet GW or the Edge Router/switch (which is the subject topic of discussion here).

Is it better to do

ISP 1 & 2 ---> Router/Switch ---> FW ---> CORE SWITCH.


ISP 1 & 2 ---> CORESWITCH, if so how do we do the FW implementation as it is going to be on a dedicated HW and not a FWSM on the Catalyst.

Please throw some more light.

Note : We have our own AS and will do the HA at the ISP level.

Thanks in Advance.

As a generalization, routers are best for features, both software and hardware. Catalyst L3 switches are best for raw performance.

If your dual Internet links will provide gig throughput (not just gig handoff!!!), for a router, you might need the high end of the 7200 series using an NPE-G2 or perhaps the 7304 using an NSE-100 or NSE-150.

For Catalyst L3 switches, any that provides multiple gig ports, e.g. Catalyst 3560G-24TS, should easily handle dual gig bandwidth.

For additional router performance reference, examine the Mbps column of the attachment.

