FW Implementation - Design

Unanswered Question
Mar 6th, 2008

Hi All,

Please look into the attached Diagram. We have got some 3640 routers and a 7507 BG router with Public Networks A through I as mentioned in the Diagram.

We are looking to introduce a Cisco ASA 5500 into the network for the Public Networks A through E and I and H. Public Networks F and G will not be behind the FW post implementation.

We are thinking of introducing Cisco 3560G-24 switches to do the job. The implementation will also offload the Public Networks F and G from the BG (Border Gateway).

Please give me some inputs on this.

Regards

Subra4u

I am a little confused about where to place the FW because the implementation should be a first step for a near-future redundant setup in terms of connectivity and HW.

Mohamed Sobair Thu, 03/06/2008 - 07:55

Hi,

The appropriate setup is to place a Firewall behind the GW which connects to the internet.

Could you clarify why Public Networks F/G are not behind a FW, and what the rest of the Public Networks represent?

HTH

Mohamed

subra4u Thu, 03/06/2008 - 08:06

Hi,

Thanks for your response.

Public Networks F and G are Media (meaning voice).

Other Public Networks are for Data. Each Public Network is at least a /24 subnet.

Do we really need two L3 switches to deploy this?

The BG router can only do Fibre Gigabit and not copper.

Thanks in Advance.

Regards

Subra4u

Danilo Dy Thu, 03/06/2008 - 08:15

Hi,

Your planned setup is okay. No, you don't need an L3 switch. Most firewalls nowadays support 802.1Q trunking.

If budget is tight, you can use one L2 switch for the initial setup (use VLANs), that is, if the L2 switch has enough ports to connect the firewall, BG router, and A to I. Else you really need 2 x L2 switches, one that supports SFP for Fibre GE and other media to connect the BG router, Firewall and F & G.

Regards,

Dandy

subra4u Thu, 03/06/2008 - 08:46

Hi Medan,

Thanks for the quick response.

With the current setup, can we add an additional link from the BG and connect it to another switch and run HSRP to bring failover?

Thanks & Regards

Sundar
