Firewall Access Design
Firewalls can be connected as follows:
- (Recommended) Firewalls are connected to gateways in bypass mode at both sides.
- Firewalls are connected to service leaf nodes.
- Firewalls are deployed between gateways and PEs.
In Figure 1, firewalls are connected to gateways in bypass mode at both sides. The network topology is simple, so the configuration and deployment are simplified. In addition, firewalls can be extended when devices in the gateway group increase, and security policies can be flexibly deployed.
This access solution is recommended.