Recently I've installed a Cisco firewall on my network (model ISA550). But I have a problem. On my network I have optical fiber, so the Ethernet cable goes from the optical network termination to the router. Where do I have to connect the firewall? I mean, the WAN port of the router is busy, so do I have to connect the firewall to a LAN port? (The router is a Comtrend.)

The fact is that I have connected the firewall to a LAN port of the router, but it doesn't work as it should.

If anyone has any idea please tell me :)


If the router is functioning as your perimeter device connecting your WAN to your LAN, yes I'd see the firewall connected to your LAN port since the WAN port is being connected to your provider.

What exactly doesn't work? Did you set up the interfaces correctly on the router and firewall? Can you at the very minimum ping the firewall interface from the router?

Hello, thanks for your answer!

I'll try to explain myself better than before:
What doesn't work is that the firewall doesn't filter the traffic. I mean, the traffic gets into the firewall, but instead of going out through the WAN port, it goes out through the LAN port to the router.

WAN port goes to a LAN port of the router. (This isn't working; this should filter the traffic but it doesn't.)
LAN port goes to another LAN port of the router (this catches internet from the router)
LAN port that goes to another switch that has computers.

WAN that goes to the ONT (optical network termination)
LAN that goes to the WAN port of the firewall.
LAN that goes to a LAN port of the firewall.

All the computers have internet because of the connection LAN(firewall)-LAN(router), but the firewall doesn't filter anything. I don't know what to do.

Do you have any idea?

Thanks a lot.

Usually, an inline firewall would sit between the router and internal LAN such that:
Router -> Firewall WAN port -> Firewall -> Firewall LAN port -> internal LAN.

All internal hosts would use the Firewall LAN port as the new default gateway. You would want to set up a new subnet for the router-to-firewall connections so it is distinct from the inside network.

You could also set up a "Firewall on a stick" where 1 connection to the router has 2 VLANs defined and traffic is separated that way.

Did you take jorgeM's advice and do basic ping tests?
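
The inline layout described in the last reply can be checked on paper before re-cabling. The following is an added example, not part of the original thread: it audits a cabling and addressing plan for a path around the firewall, for overlapping subnets, and for hosts whose default gateway is not the firewall LAN port. The segment labels (`router-lan`, `fw-wan`, `fw-lan`, `switch`) and all IP addresses are assumptions made up for the illustration.

```python
import ipaddress
from collections import deque

def l2_reachable(cables, start):
    """Every layer-2 segment reachable from `start` over patch cables alone."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for a, b in cables:
            if node in (a, b):
                peer = b if node == a else a
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
    return seen

def audit(cables, transit, inside, fw_lan_ip, host_gateways):
    """Return findings; an empty list means inside traffic must cross the firewall."""
    findings = []
    transit, inside = ipaddress.ip_network(transit), ipaddress.ip_network(inside)
    fw_lan_ip = ipaddress.ip_address(fw_lan_ip)
    # Filtering happens only between the firewall's WAN and LAN sides, so any
    # cable path from the router's LAN ports to the firewall's LAN side bypasses it.
    if "fw-lan" in l2_reachable(cables, "router-lan"):
        findings.append("bypass: router LAN is cabled to the firewall LAN side")
    if transit.overlaps(inside):
        findings.append(f"subnets: transit {transit} overlaps inside {inside}")
    if fw_lan_ip not in inside:
        findings.append(f"addressing: firewall LAN IP {fw_lan_ip} is outside {inside}")
    for host, gw in sorted(host_gateways.items()):
        if ipaddress.ip_address(gw) != fw_lan_ip:
            findings.append(f"{host}: default gateway {gw} is not the firewall LAN port")
    return findings

# Constructed sample data (addresses are assumptions, not from the thread).
AS_CABLED = dict(  # the three firewall connections listed in the question
    cables=[("router-lan", "fw-wan"), ("router-lan", "fw-lan"), ("fw-lan", "switch")],
    transit="192.168.1.0/24", inside="192.168.1.0/24",
    fw_lan_ip="192.168.1.2", host_gateways={"pc1": "192.168.1.1"})
INLINE = dict(     # Router -> Firewall WAN port -> Firewall LAN port -> internal LAN
    cables=[("router-lan", "fw-wan"), ("fw-lan", "switch")],
    transit="192.168.1.0/24", inside="10.0.0.0/24",
    fw_lan_ip="10.0.0.1", host_gateways={"pc1": "10.0.0.1"})

if __name__ == "__main__":
    for name, plan in (("as cabled", AS_CABLED), ("inline", INLINE)):
        print(name, audit(**plan) or "ok")
```
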