+ Reply to Thread
Results 1 to 5 of 5
  1. DCD
    DCD is offline
    Senior Member DCD's Avatar
    Join Date
    Jan 2013
    Location
    San Francisco , Ca
    Posts
    437

    Certifications
    CCNA
    #1

    Default Screening router

    Should you use a router in front of your firewall ? And why would you in the first place? I've seen it a couple of time but nobody can say why it was done.
    Last edited by DCD; 08-21-2014 at 07:32 AM.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member pevangel's Avatar
    Join Date
    Feb 2014
    Location
    'Murica!
    Posts
    336

    Certifications
    CCNP, JNCIP-SEC, JNCSP-SEC, CCNA Security, JNCIS-SP/ENT, ITIL
    #2
    I know one reason is because ASAs don't support BGP. I don't know if any newer ones do, but most customers that I've dealt with have ASAs that don't support BGP.
    Reply With Quote Quote  

  4. Member
    Join Date
    May 2013
    Location
    Jülich, Germany
    Posts
    63

    Certifications
    ASC,CCNA R&S ,CCDA, CHFI, CEH, CCNA SEC, CCAI, CCNP R&S
    #3
    Asa X does

    I always put a router in front ( with hardening ) and than behind the asa!
    Pro: less performanceproblems on the asa
    Con:You need Publicaddresses between router and asa for nat
    Reply With Quote Quote  

  5. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    Plus if you do some basic filtering on the router interfaces, you reduce the amount of random Internet radiation (automated portscans, etc.) from hitting your firewall and creating excessive log noise, which in turn helps make your logs easier to parse, store, and ultimately read.

    It does mean an additional hardware in the path which can have problems, of course.
    Reply With Quote Quote  

  6. DCD
    DCD is offline
    Senior Member DCD's Avatar
    Join Date
    Jan 2013
    Location
    San Francisco , Ca
    Posts
    437

    Certifications
    CCNA
    #5
    Thanks for the insight.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks