Now that Palo Alto's can run BGP (will be limited not fully participating in Internet routing) but we are using BGP for dynamic routing between two ISP's. When I look at Cisco designs, they want the router to face the internet but for FW's the design is for the FW to face the internet . For instance,
Internet ->Cisco->Cisco->FW
for FW's
Internet->FW->Cisco users and the FW would seperate the servers from the user networks, etc.
Is there a reason to prefer one over the other?
No comments:
Post a Comment