I recently got a challenge to come up with a network design.
From the upstream, each customer will need to be in a VLAN so that the upstream provider can rate limit the customer per VLAN. My network will consist of a DMZ zone (1 firewall and 1 switch) and a Private zone (1 firewall and 1 switch). The DMZ zone will use the IP addresses that the upstream has provided and the Private zone will use internal IP addresses. The servers in the DMZ zone will need to talk to the Private zone servers and vice versa.
Any suggestion on the details of how to proceed with this setup? Below is a simple network diagram of the setup:
DMZ switch     ---- Customer A (VLAN 1)
               ---- Customer B (VLAN 2)
Private switch ---- Customer A (VLAN 110)
               ---- Customer B (VLAN 120)
As I told you, you can configure the firewall in multiple contexts.
I mean the DMZ firewall.
Internally you can have two subinterfaces or two different interfaces, each in a different VLAN.
Externally, to the upstream router, you will have a trunk link, in other words an interface with two subinterfaces.
With multiple contexts you will have two virtual firewalls; each VLAN/customer will use a context with a different IP subnet and also different firewall policies.
In this case there will be two inside IP addresses on the DMZ firewall; each one will be the next hop for one customer's default route.
For communication with the internal network use, as you mentioned, a route pointing to the private firewall.
If helpful, rate.
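The layout described in the question and the multi-context design in the reply above, written out as an added worked configuration. This is not part of the original thread and not configuration that either poster supplied. A Cisco ASA is assumed because "contexts" is ASA terminology; the interface names, the upstream-side VLAN tags (101/102), the private firewall's DMZ-side address and all subnets are assumptions, with RFC 5737 documentation ranges standing in for the upstream-provided public space.

```text
! ===== System execution space of the DMZ firewall (ASA, multiple-context mode) =====
! Assumed: Gi0/0 is the trunk to the upstream router, Gi0/1 the trunk to the DMZ switch.
! Assumed: the upstream tags Customer A/B as VLAN 101/102 on its side; the DMZ switch
! side keeps VLAN 1/2 as drawn in the diagram (VLAN 1 is the default/native VLAN on
! Cisco switches, so a dedicated number is the safer choice in practice).
mode multiple
!
interface GigabitEthernet0/0
 description Trunk to upstream router
 no shutdown
interface GigabitEthernet0/0.101
 vlan 101
interface GigabitEthernet0/0.102
 vlan 102
!
interface GigabitEthernet0/1
 description Trunk to DMZ switch
 no shutdown
interface GigabitEthernet0/1.1
 vlan 1
interface GigabitEthernet0/1.2
 vlan 2
!
admin-context admin
context admin
 config-url disk0:/admin.cfg
!
! One context per customer: its own routing table, its own policy, its own inside IP.
context customerA
 allocate-interface GigabitEthernet0/0.101 outside
 allocate-interface GigabitEthernet0/1.1 inside
 config-url disk0:/customerA.cfg
context customerB
 allocate-interface GigabitEthernet0/0.102 outside
 allocate-interface GigabitEthernet0/1.2 inside
 config-url disk0:/customerB.cfg

! ===== Context customerA (disk0:/customerA.cfg) =====
! Assumed addressing: upstream link 192.0.2.0/30 (upstream router 192.0.2.1),
! Customer A DMZ subnet 192.0.2.64/27, Customer A private subnet 10.110.0.0/24
! behind the private firewall, whose DMZ-side interface is 192.0.2.94.
hostname customerA
interface outside
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.252
!
! 192.0.2.65 is the default gateway of Customer A's DMZ servers (the "inside IP"
! of this context that the reply mentions).
interface inside
 nameif inside
 security-level 100
 ip address 192.0.2.65 255.255.255.224
!
! Default route toward the upstream; the private zone is reached via the private firewall.
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route inside 10.110.0.0 255.255.255.0 192.0.2.94
!
! A DMZ server sends private-zone traffic to its default gateway (this context), which
! has to send it back out the same interface toward the private firewall. The ASA drops
! that hairpin unless intra-interface traffic is explicitly permitted. The alternative
! is a static route for 10.110.0.0/24 on each DMZ server pointing at 192.0.2.94.
same-security-traffic permit intra-interface
!
! Per-customer policy: only the published services are reachable from the upstream;
! everything else is denied and logged. No NAT is needed because the DMZ already
! uses the upstream-provided addresses.
object network customerA-dmz
 subnet 192.0.2.64 255.255.255.224
access-list outside_in extended permit tcp any object customerA-dmz eq 443
access-list outside_in extended permit tcp any object customerA-dmz eq 80
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Context customerB has the same shape with its own subnets (for example 192.0.2.96/27
! on the inside and 10.120.0.0/24 behind the private firewall) and its own access lists.
```

To confirm the separation the reply relies on, switch into each context from the system space (`changeto context customerA`) and check `show route` and `show running-config access-list`: each context should show only its own default route, its own route to the private firewall and its own access list, so a policy change for one customer cannot affect the other. The same one-VLAN-per-customer pattern applies on the private firewall, with the private contexts' outside interfaces living in the respective customer DMZ VLANs and their inside interfaces in VLAN 110 and 120.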