We have a new requirement to place a firewall between the LAN and our US connectivity. Here is a brief description of how my LAN is connected to our US centers.
We have MPLS connectivity between India and our US data centers. The link is directly connected to WAN router Gi0/0, and we have made 3 VRFs (VRF Gi0/0.100, Gi0/0.200, Gi0/0.300). BGP is run between our WAN router and the ISP, and WAN router Gi0/1 is connected to the LAN side on our core switch. On the LAN side we have also made 3 VRFs (VRF Gi0/1.100, Gi0/1.200, Gi0/1.300) and, on the switch, 3 VLANs (VLAN 100, 200, 300), and we are running EIGRP between the router and the core switch.
Whatever subnets we are getting from the US data centers are being redistributed into EIGRP, and vice versa.
Now InfoSec has asked us to secure this by placing a FW, so I need your suggestions for the best way to connect the firewall.
I am thinking of connecting the FW between the WAN router and the core switch, so the LAN port on the WAN router (Gi0/1) will be connected to the FW outside interface, and I will create 3 sub-interfaces on the FW with the same IP range. In the same way, I will connect the inside interface to the core switch with 3 VLANs and will run EIGRP between the router LAN/FW and the core switch.
I have attached the existing connectivity diagram.