Should WX be deployed behind or in front of the Firewall/EdgeRouter?

  • Hi,
    I have a question regarding the deployment of WX.
    Which is better? to put it in front of the edge Firewall/Router or behind it?
    Will it change the source ip address of compressed subnets?

  • hi…im planning to deploy wxc behind a cisco firewall…

    are there any issues ? i only want to compress the http traffic
    im just wondering if what happens to the tunnel if there’s a NAT on the firewall…

    what will be the behavior of the traffic / or the tunnel behind a NAT

  • The source IP is configurable depending on what tunnelling method you choose on the WX.  The big argument for putting the WX behind the firewall is if you have any site-to-site VPN’s on which you wish to perform compression.  Encrypted packets shouldn’t be compressed as it offers little compression gain.

  • But what happens to source ip address of packet? will the WX replace it with its ip?
    Can i restrict traffic from certain ip addresses to the remote network with firewall policies?
    Thank you very much.

  • Global Moderator

    I’d say behind: You don’t want every thing to be natted. Device protected by firewall.