06-28-2010 12:06 PM - edited 03-11-2019 11:04 AM
I have been instructed to put a firewall in front of servers that are connected to a LAN switch. I do not manage this switch; it is managed by another team. All four servers are connected to separate VLANs on the switch with 1Gig speed. Server A: 10.10.5.x. Server B: 10.10.10.x. Server C: 10.10.15.x. Server D: 10.10.20.x
Has anyone configured this scenario before?
I don’t see how I can make this work by putting a firewall in between.
Current design:
ISP router/firewall>>>LAN switch>>>Servers. This looks fine to me.
Proposed requirement: Cisco firewall 5520 will be used.
ISP router/firewall>>LAN switch>>firewall>>>switch>>>Servers.
How can I make this work? Please, this is not a joke and I need your advice.
I don’t think it is possible.
Thanks,
Eric
06-28-2010 12:48 PM
Hey Eric, based on your message, I am not sure which problem you are trying to solve:
1) Multiple VLANs into one firewall: you can use one interface with 802.1Q trunking on the firewall and switch to segment out the VLANs. You have 4 x 1GB + 1x100Mb on the 5520, so you would probably have to configure at least one trunk on one of the Gb interfaces. You may have a bottleneck issue on the Gb interface, so it is probably best to configure this for the two least used server subnets.
2) Speed limitation: The 5520 has a max FW throughput of 450 Mbps. So if you are worried about the 4 Gb servers maxing out the connection, then you have to increase the size of the firewall.
In general, I am wondering myself about item 2 above, in a design which places a firewall at the core of the network. Firewalls just don't seem to be big enough (at a reasonable cost) to do this yet. If anyone has ideas, let me know.
06-28-2010 01:37 PM
Thank you, Will; I will test your idea out first. Also, I am looking into transparent mode configuration. My issue is that these servers belong to three separate VLAN subnets.
campus switch>>>5520 firewall>>another switch>>servers. Looking to implement
As it stands currently: campus switch>>>servers, each with 1Gig speed to the switch.
Thanks,
Eric