What is better: to establish your VPN on the level of the firewall or the router, if the firewall is the first WAN interface?

Question added by Mohamed Rafie, IT Manager, Green Valley Oil Service
Date Posted: 2013/07/20
by Anas Anbtawi, IT Solutions Presales Manager, Advice Technologies

From my point of view, it's better to implement it on the firewall, since the encryption and decryption capabilities are huge and good at the same time. In case the VPN connection is done through a router behind a firewall, this means that the firewall will only be able to see the encrypted traffic and will not be able to understand it. For example, if a user on one of the two sides is sending a virus to the other side, the firewall will not be able to inspect it, even if it has a gateway antivirus, and so you will lose the security capabilities that it has.

by Aqeel Imran, IT support Engineering, Saudi Border Guard (Arabic Computer systems)

Yes, right, share the load; if there are more VPN connections then better let the firewall do the job.

The firewall does have knowledge of routing the package.

It will take the load, and if under brute force at least would only have open VPN ports to play with, not multiple options if it gets passed by the firewall to routers and then more security holes are explored.

by Deleted user

Straight and simple answer - build your VPN over your router and let your firewall handle the security issues of your network, because that's what it is mainly for.
Router - routes your traffic; Firewall - filters your traffic.
("K.I.S.S.")

by Zeeshan Muhammad, Manager Technical, Maskatiya Solutions

It depends on how you want to configure your VPN: is it site-to-site, multi-site or just remote clients accessing your network through VPN?
It also depends on firewall/router hardware capability, CPU, RAM etc.
If the firewall hardware is capable enough to handle your VPN tunnels then go for it; it will add security plus manageability for your network and VPN.

by Ahmed Zamel, Senior Project Manager/PMO Consultant, Iltizaam

Due to my expertise…
Site-to-site IPsec VPN on the firewall is the best to protect you from any authentication or connection problem headaches, in addition to giving you more capabilities to control the traffic (by QoS, traffic shaping…)

by manpreet singh, Network Support Engineer, NetMax Technologies Pvt. Ltd

It depends on what type of VPN you are using in your network.
Some types of VPN are supported on particular platforms; before establishing a VPN on any device, you first need to check the behavior of that device.
You need to check the memory and CPU of the device, because a VPN device needs to encrypt and decrypt the data; if your device has low processing power it may delay your packet processing.
You need to add a VPN accelerator.
Also, don't put additional overhead on your device, like QoS implementation etc., if your device has low processing power.
You can use any type of device (router or firewall) for VPN; both are stable.
If you are using Cisco devices, please check Cisco Feature Navigator to know the services supported on your platform.

by Ali Syed, Head of I.T, Eastdelta

What I understand is that you are asking about the medium to select for configuring VPNs.
Firewall or router? And if your firewall is also routing your traffic.
It depends on you, because router and firewall both will only act as the medium for connecting your networks through VPN.
Your VPN security only depends on the type of protocol and encryption you are using.
Generally they fall under these categories: low level, medium and high level.
Types of protocols: PPTP (least secure), L2TP and IPSEC, SSL. The types of VPNs are site-to-site and through client software.
Site-to-site means you are configuring on the router or firewall on both sites and allowing both side subnets to access each other; VPN client software means you are using the VPN client software and connecting to your network through this software.
Generally you are using it if you don't have any public IPs.
Through client software you are not depending on the ISP or any configuration.
You can connect to your network from anywhere in the world.
BTW.
Just for your information, you can visit my website, http://itmag.weebly.com. Under VPN-tunnels you will find the video on configuring VPN tunnels.
I configured site-to-site (IPSEC). On one end I configured VPN on the firewall and on the other end I used a Cisco router.
Hope this will clarify your concerns.

by Anirban Sam, Manager IT Infrastructure/Internet Operations, Riyam Computer Services LLC. (OMZEST Group)

Firewall is best, most secure and flexible access control for VPN. Can implement key & certificates as well.

by Deleted user

You didn't make clear whether the requirement is for an SSL VPN or a site-to-site IPsec VPN.
Site-to-site can be built on either of the devices.
If you are doing a huge number of VPN connections then you must check whether your router has a VPN module to support the need.
Firewalls are usually a specialized box dedicated and capable of doing high number of People you can do route based as well as policy based VPN on firewall more easily and efficiently.
Many people just use a firewall for all their security, VPN and routing demands; no router in that case.
- Hiraman