02-10-2017 01:39 PM
I'm setting up a PAN firewall between our company and our business partners who have direct connections to our LAN. My idea was to use v-wire but some of our other network administrators say it would be too difficult to troubleshoot. What are the pros and cons of using v-wire versus just setting up a L3 interface?
02-12-2017 05:12 AM
The pro: you can have L3-L4 firewall, App-ID visibility, ACC, (Threat protection, URL Filtering) and logs instantly without making any "major" network changes (i.e., re-IP all devices, cabling, etc.). All you need to do is re-run a couple of wires (depends on your network design).
Some other people consider vwire more secure, because the attacker can't see the firewall MAC address at all. It could be a curse or a blessing. I can't say. But it is another option to consider.
Just make sure you understand the spanning tree design consideration,
Cisco Link aggregation traffic,
02-13-2017 09:09 AM
@svanarts; The advantage of v-wire is that there really isn't anything additional to troubleshoot. You'll still get all of the same alerts through the management interface; you never actually see the firewall on the network, and you can still take actions to actually stop the connections.