LAN design help and question

Jun 28th, 2010

I have been instructed to put a firewall in front of servers that are connected to a LAN switch. I do not manage this switch; it is managed by another team. All four servers are connected to separate VLANs on the switch at 1Gig speed. Server A: 10.10.5.x. Server B: 10.10.10.x. Server C: 10.10.15.x. Server D: 10.10.20.x

Has anyone configured this scenario before?

I don't see how I can make this work by putting a firewall in between.

Current design:

ISP router/firewall>>>LAN switch>>>Servers. This looks fine to me.

Proposed requirement: a Cisco 5520 firewall will be used.

ISP router/firewall>>LAN switch>>firewall>>>switch>>>Servers.

How can I make this work? Please, this is not a joke and I need your advice.

I don't think it is possible.


Hey Eric, based on your message I am not sure which problem you are trying to solve:

1) Multiple VLANs into one firewall: you can use one interface with 802.1Q trunking on the firewall and switch to segment out the VLANs. You have 4 x 1GB + 1x100Mb on the 5520, so you would probably have to configure at least one trunk on one of the Gb interfaces. You may have a bottleneck issue on the Gb interface, so it is probably best to configure this for the two least used server subnets.

2) Speed limitation: the 5520 has a max FW throughput of 450 Mbps. So if you are worried about the 4 Gb servers maxing out the connection, then you have to increase the size of the firewall.

In general, I am wondering myself about item 2 above, in a design which places a firewall at the core of the network. Firewalls just don't seem to be big enough (at a reasonable cost) to do this yet. If anyone has ideas, let me know.
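To make item 1 concrete, here is an added example (not from the original thread) of what the 802.1Q trunk between a Catalyst switch and an ASA 5520 looks like, with one subinterface per server subnet so the ASA becomes the gateway for each VLAN. Interface names, VLAN IDs (5, 10, 15, 20), gateway addresses (.1 in each subnet), security levels and the nameif labels are assumed; the switch port numbers are placeholders.

```cisco
! ---- Catalyst side (the switch team would apply this) ----
! Carry only the four server VLANs toward the ASA; prune everything else.
interface GigabitEthernet1/0/24
 description Trunk to ASA 5520 Gi0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 5,10,15,20
 no shutdown
!
! ---- ASA 5520 side ----
! The physical port carries the trunk and has no IP itself.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN; each becomes the default gateway for its subnet.
interface GigabitEthernet0/1.5
 vlan 5
 nameif servers-a
 security-level 50
 ip address 10.10.5.1 255.255.255.0
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif servers-b
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.15
 vlan 15
 nameif servers-c
 security-level 50
 ip address 10.10.15.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers-d
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
! Same security level on all four means inter-VLAN traffic is dropped unless
! explicitly allowed; enable it here and then restrict it with per-interface ACLs.
same-security-traffic permit inter-interface
!
! Example policy: servers-d may only reach servers-a on TCP/443, nothing else inter-VLAN.
access-list from-servers-d extended permit tcp 10.10.20.0 255.255.255.0 10.10.5.0 255.255.255.0 eq 443
access-list from-servers-d extended deny ip 10.10.20.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list from-servers-d extended permit ip 10.10.20.0 255.255.255.0 any
access-group from-servers-d in interface servers-d
```

Every server's default gateway then moves from the campus switch SVI to the ASA subinterface address, and all four VLANs share the single 1Gb trunk, which is the bottleneck Will mentions.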

Eric Boadu Mon, 06/28/2010 - 13:37

Thank you Will, I will test your idea out first. Also, I am looking into transparent mode configuration. My issue is that these servers belong to three separate VLAN subnets.

Looking to implement: campus switch>>>5520 firewall>>another switch>>servers.

As it stands currently: campus switch>>>servers, each with 1Gig speed to the switch.
