Solved

MPLS Best Practices.  Is it best practice to have an MPLS line going directly to the LAN switch or through a firewall first?

Posted on 2008-10-30
1
883 Views
Last Modified: 2008-11-10
It seems to me you can control traffic using the MPLS router.  We have an MPLS line that connects offices A (us), B and C.  It hits a Sonic firewall on A (us) before it gets into our LAN.

Office "B" is trying to hit our local LAN and it works fine.  

Office "C" wants to hit our LAN and then use our internet gateway to get out to the net.  This doesn't seem to be working when they try to reach the net thru us though.  Is there a better way to accomplish this?



                          SONICWALL           SONIC WALL  
                                   |                              |
Office B-----MPLS------>Office A (us)---------OUR Internet---(office C is trying to go out thru us)
                                               | SONIC WALL
                                            mpls
                                          Office C    



0
Comment
Question by:Sp0cky
1 Comment
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22842222
Myself, I would personally have the private MPLS come into the switch instead of the Firewall as these are internal sites (unless you want to restrict traffic obviously).  This would also make your Sonicwall policy more simple and take care of the "hairpin" issue you are experiencing with traffic coming into the Firewall outside and going back out the outside interface to the Internet.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question