Monday, July 27, 2020

Connecting redundant ISP links directly into HA firewalls

In our old datacentre racks we would get one or two Ethernet ISP links, connect them into not overly expensive switches, and then connect HA firewalls into those switches. Needless to say, we firewall our infrastructure from the external internet. We do not utilise more than 1Gbit, so we do not require fast speeds, but we do need a reliable internet connection.

Now we are designing a new colo in a new region, and the datacentre provides only fibre ISP links. We will be getting two single mode fibre links - as I understand, redundant links. The new firewalls we will be getting will have SFP/SFP+ interfaces, meaning we can connect the ISP fibre cables straight into our firewalls. We plan to run an active/passive configuration. What can be wrong with this approach? Will BGP not work?

If we want to do it with switches in between the ISP and our firewalls, switches with fibre modules would cost a lot of money; a VAR quoted us around 6k. That sounds like an unreasonable expense to me. If the firewall supports optics, I would rather save the 6k or use that switch somewhere better, where speed and latency matter.

The firewall model I have in mind is the PA-800 series, or similar from other vendors.


