Solved

Best practice for VPLS service

Posted on 2013-11-16
Last Modified: 2013-11-17
I am wondering what the best practice is for a VPLS connection. Since the connection is a VPN LAN on the same LAN segment as my network, is it really necessary to have a firewall between the VPLS end point and my network edge?

Thanks for any help...

Jerry
Question by:adminjam

Accepted Solution

by:
btan earned 500 total points
ID: 39654180
There is some good discussion in this forum, primarily on the FW filter for authorised protocols and permitted traffic. VPLS creates that secure tunnel, that's all; also, the local LAN should be segregated prior to the external facing of other site VPN LANs.

https://supportforums.cisco.com/thread/2171058

Your firewalls at both sites can be placed at the WAN connecting between sites; use Multi-VRF Lite in your internal LAN for both sites. This ensures segmentation and path isolation between the small offices locally. On both firewalls, you can only allow VoIP communication between sites and add permissions as per your requirement.

It would be good to place a FW in the LAN of each site; even if you don't have an L3 switch locally to perform the inter-VLAN routing between offices, you can then leave this functionality to the firewall. With the right access permission and (security level), a FW can do routing between your internal.

A FW can do specific filtering against VPLS too... overall it is to tighten and not be reliant on one layer, which can be just encrypted tunnels pt to pt only.

http://www.juniper.net/techpubs/en_US/junos/topics/reference/general/firewall-filter-match-conditions-for-vpls-traffic.html