Meraki Community

Rayw · ‎Jul 14 2023

Do any of you have a policy requirement that a boundary router will function as the network perimeter interface and accept traffic from the Internet Service Provider before the firewall? All boundary routers will also implement ingress and egress filtering to protect against IP address spoofing and directed IP broadcasts?

alemabrahao · ‎Jul 14 2023

I don't understand your question, can you try to give more details?

Do you want to have another layer of firewall?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Rayw · ‎Jul 14 2023

We have a new CISO. he has created a new firewall policy that states all Internet connections first have to have a boundary router with ingress and egress filtering to protect against IP address spoofing and directed IP broadcasts. Then a firewall that does IDS, ACLs and all the firewall protection. Is this truly a best practice. Does have one have a router then a firewall?

alemabrahao · ‎Jul 14 2023

It depends a lot on your environment, in our data center for example we have 3 layers of firewall.

So it's relative, but security is never too much.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Meraki Community

Internet boundary router before firewall policy requirement

Internet boundary router before firewall policy requirement