Hello everyone, I'm looking for some design advice. (See the attached picture for a rudimentary drawing of the setup.) We have a project that we aren't quite ready to dedicate a lot of hardware resources to, but the requirements are that this endeavor have a separate Internet connection and firewall. We do, however, need to maintain connectivity to the already existing networks. My thought was that we would create a separate VLAN for this network off of our Layer 3 switch. This network would then have a dedicated firewall that will also eventually have a DMZ as well. Here is my question:
Obviously we can't have two default routes in the core switch for Internet traffic to keep each network utilizing its respective Internet connection. That said, to maintain different Internet connections on each network, I must change the default gateway for each host in the 300 network to 300.300.300.254. Obviously that then disconnects me from all of the other networks attached to the core switch. I realize that I can add static routes to each host in the 300 network for all of the other networks, but this seems like a management nightmare and simply an inefficient way to do this.
So my question is, knowing the firewall in the 300 network won't route traffic (nor would I want it to), short of static routes at each host, how do I regain connectivity to all other networks with this current setup? Does anyone have any suggestions for a better setup?
Thanks in advance for any assistance!
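As an added illustration, not part of the original post, the script below models the two lookups the post is weighing against each other: a plain destination-based routing table (one default route, so the core switch can only send all Internet traffic to one firewall, and a host whose default gateway is the 300 firewall loses the other LANs) and a source-based policy route on the core switch, the route-map style of policy-based routing found on most Layer 3 switches, which sends traffic sourced from the 300 VLAN toward its own firewall only when the destination is not one of the internal networks. All addresses are assumed for the example: 300.300.300.x is not a valid IPv4 address, so 10.30.0.0/24 stands in for the "300 network", 10.10.0.0/24 and 10.20.0.0/24 for the existing LANs, 10.30.0.254 for the dedicated firewall and 10.1.0.1 for the existing Internet firewall.

```python
import ipaddress

# Constructed, assumed addressing (the post's 300.300.300.x is not routable IPv4).
VLAN300 = ipaddress.ip_network("10.30.0.0/24")      # the "300 network"
VLAN300_FW = "10.30.0.254"                          # its dedicated firewall
CORE_LANS = [ipaddress.ip_network("10.10.0.0/24"),  # existing networks on the core switch
             ipaddress.ip_network("10.20.0.0/24")]
CORE_DEFAULT_FW = "10.1.0.1"                        # existing Internet firewall
CORE_SVI_300 = "10.30.0.1"                          # core switch's interface in VLAN 300
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Core switch: connected LANs plus a single default route. A second default
# route would not help, because a destination-only lookup cannot tell which
# VLAN a packet came from.
CORE_TABLE = [(n, "connected") for n in CORE_LANS + [VLAN300]] + [(DEFAULT, CORE_DEFAULT_FW)]

# Host in VLAN 300 after its default gateway is changed to the 300 firewall,
# with no extra static routes: everything off-subnet goes to a box that does
# not route internally.
HOST_TABLE_GW_FW = [(VLAN300, "connected"), (DEFAULT, VLAN300_FW)]

# Same host with one static route per internal LAN, the "management nightmare".
HOST_TABLE_STATICS = HOST_TABLE_GW_FW + [(n, CORE_SVI_300) for n in CORE_LANS]

# Policy route on the core switch: traffic sourced from VLAN 300 whose
# destination is NOT an internal network is handed to the 300 firewall.
# Everything else falls through to the normal destination lookup.
POLICIES = [(VLAN300, CORE_LANS + [VLAN300], VLAN300_FW)]


def destination_route(table, dst):
    """Ordinary longest-prefix-match lookup; 0.0.0.0/0 only wins when nothing else matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best[1] if best else None


def policy_route(policies, table, src, dst):
    """Source-based policy routing: a matching source policy overrides the table."""
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_prefix, exempt_destinations, next_hop in policies:
        if src_a in src_prefix and not any(dst_a in n for n in exempt_destinations):
            return next_hop
    return destination_route(table, dst)


def count_host_static_routes(hosts_in_vlan, lans):
    """Static routes that would have to be maintained on hosts instead of one policy."""
    return hosts_in_vlan * len(lans)


if __name__ == "__main__":
    # The problem as described in the post.
    print("host (gw=fw) -> 10.10.0.5 :", destination_route(HOST_TABLE_GW_FW, "10.10.0.5"))
    print("host (statics) -> 10.10.0.5:", destination_route(HOST_TABLE_STATICS, "10.10.0.5"))
    print("50 hosts x LANs in statics  :", count_host_static_routes(50, CORE_LANS))
    # Policy routing on the core switch with hosts keeping the core SVI as gateway.
    print("core PBR 10.30.0.10 -> 8.8.8.8 :", policy_route(POLICIES, CORE_TABLE, "10.30.0.10", "8.8.8.8"))
    print("core PBR 10.30.0.10 -> 10.10.0.5:", policy_route(POLICIES, CORE_TABLE, "10.30.0.10", "10.10.0.5"))
    print("core PBR 10.10.0.5 -> 8.8.8.8  :", policy_route(POLICIES, CORE_TABLE, "10.10.0.5", "8.8.8.8"))
```

With the policy route in place the VLAN 300 hosts keep the core switch as their default gateway, internal traffic is routed symmetrically by the core in both directions, and only Internet-bound traffic from that VLAN is diverted to the dedicated firewall; the firewall itself still never has to route between internal networks. One caveat to check on the real switch: the policy must exempt every internal prefix (including the DMZ once it exists), or that traffic will also be pushed at the firewall.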