Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Firewall Access Design
Firewalls can be connected as follows:
- (Recommended) Firewalls are connected to border or server leaf nodes in bypass mode at both sides.
- Firewalls are deployed between border leaf nodes and PEs.
In Figure 1, firewalls are connected to border or server leaf nodes in bypass mode at both sides (firewalls are connected to spine nodes or server leaf nodes at both sides when border leaf nodes and spine nodes are converged). The network topology is simple, so the configuration and deployment are simplified. In addition, firewalls can be extended when devices in the gateway group increase, and security policies can be flexibly deployed.
This deployment is recommended.
