11-12-2009 02:10 PM - edited 03-04-2019 06:41 AM
Hello
We are refreshing our network design with a keen eye on security. Please advise if all WAN links, VPN, and proxy should be terminated on the DMZ to protect. We have an ASA 5540 with default ports. Today each service is running on a different box and hits the core directly.
WAN Router connected to CoreSwitch
ASA firewall connected to CoreSwitch
Wireless LAN Controller connected to CoreSwitch
VPN Router connected to CoreSwitch
WAN, VPN, Wireless, Proxy traffic don't pass the firewall
Web Publishing services, SSL VPN pass the firewall
Any suggestions and Cisco documentation references?
11-12-2009 02:19 PM
Pratik
Here's a link to the security design docs/guides from Cisco -
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html
In answer to your questions -
WAN - doesn't need to go through the firewall as long as your WAN is trusted, i.e. all the remote sites
VPN - should be firewalled
Wireless - again if possible should be firewalled
Proxy traffic - not sure which direction you mean but should really be firewalled in either direction.
Jon
11-12-2009 02:47 PM
Very helpful link, Jon.