Small business network security question:
I have a Cisco ISR 4331 connected to two ISPs: a cable-based ISP (Spectrum Business) is the primary ISP (AD = 1); a cellular (AT&T Business) connection is for failover (AD = 2). I have configured the ISR with a zone-based firewall (Inside, DMZ and Outside zones).
I now want to add a Cisco NGFW to provide intrusion protection, Cisco Talos updates, etc.
The 4G LTE cellular module is installed in the ISR and the cable-based ISP is connected to G0/0/0.
Question: Any suggestions for how to route the inbound and outbound traffic from the cellular connection through an NGFW? In other words, I can physically place the NGFW between the router and the cable-based ISP connection. But I am unsure how to leverage an NGFW to protect the cellular traffic (since the cellular module is installed in the ISR 4331). Is there some way to hairpin the cellular traffic through the NGFW before it reaches or leaves the network (as well as protect the data/control/management planes)?
Perhaps I need to use a different solution than an external NGFW?
Any suggestions appreciated!