xdxml12

join:2012-10-26

Router & Firewall


Hi All,

I had a recommendation from a friend of mine to use a router with a high security firewall for my internet & WAN perimeter. My question is why do I need a firewall there when I have a firewall in front of my core switch which will be separated into different zones including an internet zone. Do I really need to implement a firewall on my router?

I read a few things about fast packet filter for front end router firewall and back end for other stuff.

Can anyone shed some light on this?


RyanG1
Premium
join:2002-02-10
San Antonio, TX
kudos:1
Well, it depends on what services or needs you have. The ASA platform is quite different than the IOS based routers they offer, such as the ASA not supporting GRE tunnels and BGP.

You need to figure out the exact needs you want for the device.

Ryan
--
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -Douglas Adams

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to xdxml12
a) got a diagram of your existing setup?

b) what is the actual make / model of devices in your existing setup?

Generally speaking :

1) you can separate the functions of "router" (moving packets between two or more layer3 networks) and "firewall" (general stateful connection monitoring, etc) if you so want, or keep them separate -- it all depends on your needs.

2) firewall types break down as follows :

- static packet filter

- application proxy

- stateful inspection

- UTM / "Next Gen Firewall"

All have their pros and cons, again it all comes down to what you need and what you pay for. As RyanG1 alluded to, ASA firewalling and IOS firewalling are two different beasts entirely, and support a different set of functions. Also be aware of the world outside of Cisco -- heresy to speak of this here, I know -- but if you compare Cisco's firewall products to stuff from other vendors, like Juniper, Fortinet, etc. you can see some of the features delta present there as well.

3) is this for a home or office, or even an enterprise setup? Again, it comes down to the requirements.

Some books I'd recommend if you want further reading are this one, this one and this one, if you want some well rounded information and exposure to firewalls and firewall types from various manufacturers.

My 00000010bits.

Regards


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by HELLFIRE:

Also be aware of the world outside of Cisco -- heresy to speak of this here, I know -- but if you compare Cisco's firewall
products to stuff from other vendors, like Juniper, Fortinet, etc. you can see some of the features delta present there
as well.

part of understanding a vendor's portfolio of offerings is to understand its shortcomings.
while i will tend to defend cisco gears if unfounded criticisms are being cast -- i am very open and honest about how the gear fails and where cisco needs to look at adjusting their roadmaps on the product lines.

there is a difference. and a very clear cut one.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

aryoba
Premium,MVM
join:2002-08-22
kudos:6
reply to xdxml12
Internet-facing routers could implement some firewall functionality while leaving the stateful-firewall work to the actual firewall behind the router. Basic firewall functionality should at least be present on the router itself to protect against things like unauthorized access to the router.
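
Added example, not part of any post in this thread: a small Python model of the split described above, with a static packet filter on the Internet-facing router (including a rule protecting the router's own management access) and a stateful firewall behind it. The addresses (RFC 5737 documentation ranges), the rule set and all function names are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample topology (documentation address ranges, not from the thread).
INSIDE = ipaddress.ip_network("192.0.2.0/24")
MGMT = ipaddress.ip_network("192.0.2.128/25")      # hosts allowed to manage the router
ROUTER = ipaddress.ip_address("198.51.100.1")

def pkt(src, sport, dst, dport, flags):
    return {"src": ipaddress.ip_address(src), "sport": sport,
            "dst": ipaddress.ip_address(dst), "dport": dport, "flags": set(flags)}

def router_static_filter(p):
    """Stateless, per-packet rules on the Internet-facing router."""
    if p["dst"] == ROUTER:
        # Protect the router itself: SSH only from the management subnet.
        return p["dport"] == 22 and p["src"] in MGMT
    if p["src"] in INSIDE:
        return True  # outbound traffic is permitted
    # Inbound: with no connection memory, "has ACK set" is the best reply test available.
    return p["dst"] in INSIDE and "ACK" in p["flags"]

class StatefulFirewall:
    """Tracks flows opened from inside; inbound packets must match one."""
    def __init__(self):
        self.conns = set()

    def allow(self, p):
        if p["src"] in INSIDE:
            if p["flags"] == {"SYN"}:
                self.conns.add((p["src"], p["sport"], p["dst"], p["dport"]))
            return True
        # Inbound is accepted only as the reverse direction of a tracked flow.
        return (p["dst"], p["dport"], p["src"], p["sport"]) in self.conns

def traverse(p, fw):
    """Both devices must accept a transit packet; router-bound packets stop at the router."""
    if not router_static_filter(p):
        return "dropped at router"
    if p["dst"] == ROUTER:
        return "delivered to router"
    return "delivered" if fw.allow(p) else "dropped at firewall"
```

The cheap static filter discards unsolicited connection attempts and guards the router's management plane, while a packet that merely looks like a reply is only caught by the connection tracking on the firewall behind it.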

xdxml12

join:2012-10-26
Thanks all :)