We have 2 circuits, ~1gb total. Currently all our DMZs are routed statically from one circuit and egress out the other. The handoffs go to separate L3 switches and go through a couple of hops (again via static routes) to the firewall. This design has been around for about a decade and no one really touched it because “it worked”.
Now that those switches are past EOL, I figured it’s an opportunity to get rid of these transit devices and just go straight to the firewall. At the same time, use BGP on those 2 circuits for redundancy. Currently using Gaia R80.40 Check Point running on Dell R740s.
From a design perspective, does this make sense? Or would it make more sense to use 2 (BGP) routers on the handoff so as not to overburden the fw?