Hey all,
I'm a bit stuck here. I'm building out a new configuration which includes:
- FortiGate 500E firewall (HA pair)
- Brocade 7750 Core Switch
- ISP MPLS connection (BGP)
- ISP Internet connection
I plan to have the gateways for my private subnets on both the Firewall and the Core switch. (More secure networks on the Firewall so I can apply policies, less secure on the core)
I have a couple of options I'm considering, but I'm not sure which is best:
1) Terminate all ISP connections into the Firewall (including MPLS), then peer Firewall BGP with MPLS, and peer Firewall BGP/OSPF with the Core Switch.
2) Only terminate internet into the Firewall, peer the Firewall with the Core Switch via BGP/OSPF, then peer Core Switch BGP with MPLS.
I'm not really sure what the pros/cons of each would be, and which is best practice? I have a sister site that has a similar setup; it peers Firewall with core switch BGP, then core switch with MPLS router BGP, so maybe I'd just do that?