Routers for VPN concetrators

Building VPN concetrators based on PAN FWs.  That will serve as VPN site-to-site hub in our data center.

Do I install routers in front of those or just terminate ISP directly into the FWs?  Thoughts?
LVL 17
Who is Participating?
atlas_shudderedSr. Network EngineerCommented:
Let your routers be routers and the firewalls be firewalls.  Terminate your circuits to your routers and let them handle the route tables from your ISP.  They are built for that work and the resources on board a directed in that fashion.  The firewalls can handle the work of terminating your circuits but then they are consuming resources to handle the route tables plus your VPN anchors.  Any performance impacts from the tunnels would then be earlier in the impact, playing out to having to upgrade the firewall equipment earlier than optimal.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.