Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
2
Replies

LAN design help and question

Eric Boadu
Level 1
Level 1

‎06-28-2010 12:06 PM - edited ‎03-11-2019 11:04 AM

I have been instructed to put firewall in front of servers that connected to LAN switch. I do not manage this switch it manages by another team. All four servers are connected to separate VLAN on the switch with 1Gig speed. Server A: 10.10.5.x. Server B: 10.10.10.x. Server C: 10.10.15.x. Server D: 10.10.20.x

Does anyone configure this scenario before?

I don’t see how I can make this work by putting firewall in-between.

Current design:

ISP router/firewall>>>LAN switch>>>Servers. This looks fine to me.

Propose requirement: Cisco firewall 5520 will be use.

ISP router/firewall>>LAN switch>>firewall>>>switch>>>Servers.

How can I make this work? Please this is not a joke and need your advice.

I don’t think it is possible.

Thanks,

Eric

Labels:
0 Helpful
2 Replies 2

will
Level 3
Level 3

‎06-28-2010 12:48 PM

Hey Eric, Based on your message, I am not sure which problem you trying to solve:

1) Multiple VLAN's into one firewall: you can used one interface with 802.1Q trunking on the firewall and switch to segment out the VLAN's. You have 4 x 1GB + 1x100Mb on the 5520 so you would probably have to configure at least one trunk on one of the Gb interfaces. You may have a bottleneck issue on the Gb interface so probably best to configure this for the two least used server subnets.

2) Speed limitation: The 5520 has a max FW throughput of 450 Mbps. So if you are worried about the 4 Gb servers maxing out the connection, then you have to increase the size of the firewall.

In general, I am wondering myself about item 2 above, in a design which places a firewall at the core of the network. Firewall's just don't seem to be big enough (at a reasonable cost) to do this yet. If anyone has ideas, let me know.

0 Helpful

Eric Boadu
Level 1
Level 1
In response to will

‎06-28-2010 01:37 PM

Thank you Will and will test your idea out first. Also, looking into trensparent mode configuration. My issue is these servers belongs to three separate vlan subnet.

campus switch>>>5520 firewall>>another switch>>servers. Looking to implement

as it stand currently: campus switch>>>servers. each with 1Gig speed to the switch.

Thanks,

Eric

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card