xdxml12
join:2012-10-26

Member

Router & Firewall


Hi All,

I had a recommendation from a friend of mine to use a router with a high security firewall for my internet & wan perimeter. My question is why do I need a firewall there when I have a firewall in front of my core switch which will be separated into different zones including an internet zone. Do I really need to implement a firewall on my router?

I read a few things about fast packet filter for front end router firewall and back end for other stuff.

Can anyone shed some light on this?

RyanG1
Premium Member
join:2002-02-10
San Antonio, TX

Well, it depends on what services or needs you have. The ASA platform is quite different than the IOS based routers they offer such as the ASA not supporting GRE tunnels and BGP.

You need to figure out the exact needs you want for the device.

Ryan

HELLFIRE
MVM
join:2009-11-25

to xdxml12
a) got a diagram of your existing setup

b) what is the actual make / model of devices in your existing setup?

Generally speaking :

1) you can separate the functions of "router" (moving packets between two or more layer3 networks) and "firewall" (general stateful connection monitoring, etc) if you so want, or keep them separate -- it all depends on your needs.

2) firewall types break down as follows :

- static packet filter

- application proxy

- stateful inspection

- UTM / "Next Gen Firewall"

All have their pros and cons, again it all comes down to what you need and what you pay for. As RyanG1 alluded to, ASA firewalling and IOS firewalling are two different beasts entirely, and support a different set of functions. Also be aware of the world outside of Cisco -- heresy to speak of this here, I know -- but if you compare Cisco's firewall products to stuff from other vendors, like Juniper, Fortinet, etc. you can see some of the features delta present there as well.

3) is this for a home or office, or even an enterprise setup? Again, it comes down to the requirements.

Some books I'd recommend if you want further reading are this one, this one and this one, if you want some well rounded information and exposure to firewalls and firewall types from various manufacturers.

My 00000010bits.

Regards

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by HELLFIRE:

Also be aware of the world outside of Cisco -- heresy to speak of this here, I know -- but if you compare Cisco's firewall
products to stuff from other vendors, like Juniper, Fortinet, etc. you can see some of the features delta present there
as well.

part of understanding a vendor's portfolio of offerings is to understand its shortcomings.
while i will tend to defend cisco gears if unfounded criticisms are being cast -- i am very open and honest about how the gear fails and where cisco needs to look at adjusting their roadmaps on the product lines.

there is a difference. and a very clear cut one.

q.

aryoba
MVM
join:2002-08-22

to xdxml12
Internet-facing routers could implement some firewall functionality while leaving the stateful-firewall work on an actual firewall behind the router. Basic firewall functionality should be at least present on the router itself to protect against things like unauthorized access to the router.

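The split described in the replies above (a static packet filter on the Internet-facing router, stateful inspection on the firewall behind it), as an added example that is not part of the original thread or any poster's code. It is a Python simulation rather than device configuration, and every address, port and rule in it is a constructed assumption.

```python
from collections import namedtuple

# Constructed sample values (assumptions, not from the thread).
Packet = namedtuple("Packet", "src dst sport dport flags")
INSIDE_PREFIX = "203.0.113."   # the site's address range
ROUTER_IP = "203.0.113.1"      # the router's own address
MGMT_HOST = "203.0.113.10"     # only host allowed to manage the router


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def router_static_filter(pkt):
    """Stateless: each packet is judged alone, on header fields only."""
    if pkt.dst == ROUTER_IP:
        # Protect the router itself: SSH from the management host only.
        return pkt.src == MGMT_HOST and pkt.dport == 22
    if not is_inside(pkt.src) and is_inside(pkt.dst):
        # No connection memory, so the best it can do for inbound TCP is
        # pass segments with ACK set (they look like replies).
        return "A" in pkt.flags
    return True  # outbound traffic is forwarded


class StatefulFirewall:
    """Remembers connections opened from inside; inbound must match one."""

    def __init__(self):
        self.conns = set()

    def check(self, pkt):
        if is_inside(pkt.src):
            if pkt.flags == "S":  # new outbound connection: record it
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound is allowed only as the reverse of a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns


def perimeter(pkt, fw):
    """Run a packet through both tiers and report where it ends up."""
    if not router_static_filter(pkt):
        return "dropped at router"
    if pkt.dst == ROUTER_IP:
        return "delivered"  # traffic to the router terminates there
    return "delivered" if fw.check(pkt) else "dropped at firewall"
```

An unsolicited inbound segment with ACK set passes the router's header-only rule and is dropped by the firewall's connection table, while a bare inbound SYN or an Internet login attempt against the router never gets past the router.
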
xdxml12
join:2012-10-26

Member

Thanks all : )