Firewall behind peplink controlling and filtering traffic


#1

Hey Guys,

In my topology I have decided to put the firewall bhind peplink which will handle filtering and controlling the inbound as well as outbound traffic and I let peplink only do Natting. Is this sufficient? Since I have my VPN tunnels on firewall I guess I just need to static NAT the firewall private IP right?Or would you suggest me to provide one public IP from WAN Switch?

Will submit the topology shortly. Do let me know if this topology is worth implementing? I mean its simple remove all natting part from firewall that is and let firewall only do routing part

INTERNET===> PepLink===>FIREWALL===> LAN and Other Interface DMZ


#2

Peplink offers a perfect solution for this scenario. If there is an existing firewall, a drop-in mode deployment would be best. The following knowledge base articles will help to determine if this is right for you:


#3

We wanted our Balance units to be directly connected to our ISPs’ connections with nothing in place between our ISPs and our Peplinks. To me this just seems like an easier, cleaner, scenario to set up and manage. We then put our non-routing anti-malware devices just inside of our Peplinks at each site. Our anti-malware devices operate as basic switches that simply pass everything through in both directions, except for malware or other content we’ve told them not to pass, of course. So far so good.


#4

So Ralph you do not have any firewall at LAN side? And Peplink is the only box protecting hosts?

And Ron; would it be possible to use DNS Domain delegation with Drop-in mode?


#5

Peplinks and anti-malware devices are the only boxes protecting hosts. I don’t think anything would be gained by having multiple firewalls per site.


#6

Yes, the Balance can be the authoritative DNS server for your domain with a drop-in mode deployment. If there are many inbound services, it may be desirable to keep the existing firewall in place for an easy Peplink installation.