Topic: Should WX be deployed behind or in front of the Firewall/EdgeRouter?

haze

Hi,
I have a question regarding the deployment of WX.
Which is better: to put it in front of the edge Firewall/Router or behind it?
Will it change the source IP address of compressed subnets?
Thanks.


screenie.

« Reply #1 on: November 29, 2008, 03:18:14 pm »
I'd say behind: You don't want everything to be NATed. Device protected by firewall.
Regards, Screenie
------------------------
JNSS, JNCIA, JNCIS, JNCIP, JNCI

haze

« Reply #2 on: November 29, 2008, 11:28:53 pm »
But what happens to the source IP address of the packet? Will the WX replace it with its IP?
Can I restrict traffic from certain IP addresses to the remote network with firewall policies?
Thank you very much.

aweck

« Reply #3 on: November 30, 2008, 09:16:06 am »
The source IP is configurable depending on what tunnelling method you choose on the WX. The big argument for putting the WX behind the firewall is if you have any site-to-site VPNs on which you wish to perform compression. Encrypted packets shouldn't be compressed as it offers little compression gain.
JNCIE-ER #63, JNCIE-M #705, JNCIE-SEC, JNCIS-FWV, JNCIS-SSL
http://www.hicnetworks.com/
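
Added example, not part of the original thread: a comparison of bytes on the WAN when the compressor sees cleartext (WX behind the VPN firewall) versus ciphertext (WX in front of it). Assumptions: `zlib` stands in for the WX's compression, `toy_encrypt` is a hypothetical stand-in for VPN encryption, and the HTTP traffic and key are constructed.

```python
import hashlib
import zlib


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in for VPN encryption
    (assumption for this demo); not suitable for protecting real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def wire_bytes(payload: bytes, key: bytes) -> dict:
    """Bytes sent over the WAN for each placement of the compressor."""
    # Compressor behind the firewall: it sees cleartext, the VPN encrypts afterwards.
    behind = len(toy_encrypt(key, zlib.compress(payload, 9)))
    # Compressor in front of the firewall: it sees only the VPN's ciphertext.
    in_front = len(zlib.compress(toy_encrypt(key, payload), 9))
    return {"original": len(payload), "behind": behind, "in_front": in_front}


# Constructed sample: repetitive HTTP requests, the kind of traffic a WAN
# optimizer is deployed to shrink.
SAMPLE = b"".join(
    b"GET /reports/%d HTTP/1.1\r\nHost: intranet.example\r\n"
    b"User-Agent: demo-client\r\nAccept: text/html\r\n\r\n" % i
    for i in range(200)
)
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    sizes = wire_bytes(SAMPLE, KEY)
    for name, size in sizes.items():
        print(f"{name:9s} {size:6d} bytes ({size / sizes['original']:.0%})")
```

The ciphertext case comes out slightly larger than the original because the compressor finds no redundancy and only adds its own framing.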

Capt_Winters

« Reply #4 on: November 23, 2009, 07:56:29 pm »
Hi... I'm planning to deploy WXC behind a Cisco firewall...

Are there any issues? I only want to compress the HTTP traffic.
I'm just wondering what happens to the tunnel if there's a NAT on the firewall...

What will be the behavior of the traffic or the tunnel behind a NAT?