Internet boundary router before firewall policy requirement

Rayw
Here to help

Internet boundary router before firewall policy requirement

Do any of you have a policy requirement that a boundary router will function as the network perimeter interface and accept traffic from the Internet Service Provider before the firewall? All boundary routers will also implement ingress and egress filtering to protect against IP address spoofing and directed IP broadcasts?

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

I don't understand your question, can you try to give more details?
 
Do you want to have another layer of firewall?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Rayw
Here to help

We have a new CISO. he has created a new firewall policy that states all Internet connections first have to have a boundary router with ingress and egress filtering to protect against IP address spoofing and directed IP broadcasts. Then a firewall that does IDS, ACLs and all the firewall protection.  Is this truly a best practice.  Does have one have a  router then a firewall?

 

alemabrahao
Kind of a big deal
Kind of a big deal

It depends a lot on your environment, in our data center for example we have 3 layers of firewall.
 
So it's relative, but security is never too much.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels