Re: OT - Dynamic Routing on a Firewall?

From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Sep 06 2008 - 13:09:46 ART

• Next message: Narbik Kocharians: "Re: Maximum Prefix Warning"
• Previous message: Rado Vasilev: "Re: match mpls experimental"
• Maybe in reply to: CCIEin2006: "OT - Dynamic Routing on a Firewall?"
• Next in thread: CCIEin2006: "Re: OT - Dynamic Routing on a Firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ok lets have a debate on it.

It depends what exactly the design you have on your network. For example
standard is to have router for ROUTING and Firewall for firewalling and IPS
and other things.

Now if u already have router and firewall in place then it is good to keep
the routing on the routers BUT if u really want to save money then just
purchase firewall which supports good routing and again Juniper takes the
edge.

Juniper SSG series have very strong support of routing not only that it also
supports WAN , DSL and other interfaces so in short u can only buy SSG and
do routing and firewalling not only that from version 6.1.0 juniper firewall
support DMVPN as well which unfortunaly cisco is lacking behind.

There is no hard and fast rule for it. It really depends on your scenario

For example if I am going to desing network for 10 branches now I will first
look into the budget of the my customer if it permits I will surley go for
one router and one firewall.

if it budget does not permit I will go for firewall which supports good
routing as well.

Hope this helps

2008/9/6 CCIEin2006 <ciscocciein2006@gmail.com>

> No brave ones want to tackle this one?
>
> On Fri, Sep 5, 2008 at 10:09 AM, CCIEin2006 <ciscocciein2006@gmail.com
> >wrote:
>
> > Hiya folks,
> >
> > I was wondering if the group could share some pro/cons of running dynamic
> > routing protocols on a firewall?
> > Can anyone share their experience with this?
> >
> > I have a few branch offices connected to HQ in a hub and spoke fashion
> via
> > metro ethernet links. I am looking to add VPN as a backup (each branch
> has
> > local internet access). The routers are currently runnign OSPF.
> >
> > I am thinking of doing it all on the ASA platform to save money, but
> > something in my gut tells me to leave the routing up to routers. So I am
> > thinking I might need to bite the bullet and buy some routers too.
> >
> > What do you think?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia
Blogs and organic groups at http://www.ccie.net

• Next message: Narbik Kocharians: "Re: Maximum Prefix Warning"
• Previous message: Rado Vasilev: "Re: match mpls experimental"
• Maybe in reply to: CCIEin2006: "OT - Dynamic Routing on a Firewall?"
• Next in thread: CCIEin2006: "Re: OT - Dynamic Routing on a Firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:17 ART