×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

DMZ layer design review

Unanswered Question
Jul 9th, 2012
User Badges:

Hello,


I would appreciate if some can share their experience/problems with below design between Core-Firewall-DMZ-Aggregation setup.


1. There is a Layer-3 connectivity between core and firewall segments with L3 point-to-point links running OSPF. The active firewall(FW-A) forms ospf neighborship with Core-A and similarly FW-B forms ospf neighborship with Core-B and Core-A / Core-B form ospf neighborship.


2. Aggregation switch and Firewall are connected over L2 trunks and OSPF is running over SVIs (VLAN 13 / bcast segment), Aggregation switch-A is elected as DR and Aggregation switch-B is BDR, both firewalls have configured ospf priority to zero. FW-A(active) forms ospf adjacency with Aggregation-A and Aggregation-B, and each Aggregation switch forms ospf neighborship with the active firewall only.


Is there any chance that the broadcast network b/w Aggregation switch and Firewall can cause any problem when any of the aggregation switch reloads.


I have attached a rough sketch for better understanding.


Regards,


Akhtar

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.