?
Solved

MPLS Best Practices.  Is it best practice to have an MPLS line going directly to the LAN switch or through a firewall first?

Posted on 2008-10-30
1
Medium Priority
?
893 Views
Last Modified: 2008-11-10
It seems to me you can control traffic using the MPLS router.  We have an MPLS line that connects offices A (us), B and C.  It hits a Sonic firewall on A (us) before it gets into our LAN.

Office "B" is trying to hit our local LAN and it works fine.  

Office "C" wants to hit our LAN and then use our internet gateway to get out to the net.  This doesn't seem to be working when they try to reach the net thru us though.  Is there a better way to accomplish this?



                          SONICWALL           SONIC WALL  
                                   |                              |
Office B-----MPLS------>Office A (us)---------OUR Internet---(office C is trying to go out thru us)
                                               | SONIC WALL
                                            mpls
                                          Office C    



0
Comment
Question by:Sp0cky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 22842222
Myself, I would personally have the private MPLS come into the switch instead of the Firewall as these are internal sites (unless you want to restrict traffic obviously).  This would also make your Sonicwall policy more simple and take care of the "hairpin" issue you are experiencing with traffic coming into the Firewall outside and going back out the outside interface to the Internet.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Is your computer hacked? learn how to detect and delete malware in your PC
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question