Obviously I would think having a firewall at the Core switch is ideal, however sometimes this may not be possible, (depending where the ISP connection is).
My question is the following, is there a fundamental difference between having a firewall at the edge vs core? At the link below is a drawing of 2 scenarios,
Scenario # 1 the firewall is directly connected to the core switch.
Scenario # 2 the firewall is as the edge switch on it's own VLAN (SVI) is on the core switch and there is a trunk between the core and the edge.
In both scenarios, the static route is pointing to the firewall.
(Note) This is for a backup ISP connection and would only be used as such.
Thanks for any input.
No comments:
Post a Comment