DMZ layer design review

Hello,

I would appreciate it if someone could share their experience/problems with the design below for a Core-Firewall-DMZ-Aggregation setup.

1. There is Layer-3 connectivity between the core and firewall segments, with L3 point-to-point links running OSPF. The active firewall (FW-A) forms an OSPF neighborship with Core-A, FW-B similarly forms an OSPF neighborship with Core-B, and Core-A / Core-B form an OSPF neighborship with each other.

2. The Aggregation switches and Firewalls are connected over L2 trunks and OSPF runs over SVIs (VLAN 13 / broadcast segment). Aggregation switch-A is elected as DR and Aggregation switch-B is BDR; both firewalls have their OSPF priority configured to zero. FW-A (active) forms OSPF adjacencies with Aggregation-A and Aggregation-B, and each Aggregation switch forms an OSPF neighborship with the active firewall only.

Is there any chance that the broadcast network between the Aggregation switches and the Firewall can cause a problem when either of the aggregation switches reloads?

I have attached a rough sketch for better understanding.

Regards,

Akhtar
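The DR/BDR behaviour the question asks about can be walked through with a small model of the RFC 2328 section 9.4 election on the VLAN 13 segment. This is an added example, not part of the original post; the router IDs and the aggregation-switch priorities are assumed, and only the active firewall is modelled since the standby does not form adjacencies.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    rid: str           # router ID (dotted quad), tie-breaker after priority
    priority: int      # 0 = never eligible to be DR or BDR
    up: bool = True
    declares_dr: bool = False
    declares_bdr: bool = False

def _key(r):
    # Higher priority wins; higher router ID breaks ties.
    return (r.priority, tuple(int(x) for x in r.rid.split(".")))

def elect(routers):
    """Return (dr, bdr) names for one broadcast segment (RFC 2328 s.9.4)."""
    eligible = [r for r in routers if r.up and r.priority > 0]
    # Step 2: BDR from routers not claiming DR, preferring current BDR claimers.
    cand = [r for r in eligible if not r.declares_dr]
    claimers = [r for r in cand if r.declares_bdr]
    bdr = max(claimers or cand, key=_key) if cand else None
    # Step 3: DR from routers claiming DR; otherwise the new BDR is promoted.
    dr_claimers = [r for r in eligible if r.declares_dr]
    dr = max(dr_claimers, key=_key) if dr_claimers else bdr
    if dr is not None and dr is bdr:
        # Step 4: BDR was promoted, so pick a fresh BDR from what remains.
        rest = [r for r in cand if r is not dr]
        claimers = [r for r in rest if r.declares_bdr]
        bdr = max(claimers or rest, key=_key) if rest else None
    for r in routers:                     # routers remember their role
        r.declares_dr, r.declares_bdr = (r is dr), (r is bdr)
    return (dr.name if dr else None), (bdr.name if bdr else None)

def scenario():
    """Steady state, Agg-A reload, Agg-A return (assumed IDs/priorities)."""
    agg_a = Router("Agg-A", "10.0.13.1", 100)
    agg_b = Router("Agg-B", "10.0.13.2", 50)
    fw_a = Router("FW-A", "10.0.13.254", 0)   # priority 0 as in the design
    seg = [agg_a, agg_b, fw_a]
    steps = [("steady", elect(seg))]           # Agg-A DR, Agg-B BDR
    agg_a.up, agg_a.declares_dr = False, False
    steps.append(("agg_a_reload", elect(seg))) # Agg-B DR, no BDR available
    agg_a.up = True                            # comes back in Waiting state
    steps.append(("agg_a_back", elect(seg)))   # Agg-B keeps DR, Agg-A is BDR
    return steps
```

With both firewalls at priority 0, a single aggregation reload leaves the segment with a DR but no backup, and the returning switch does not preempt; a second failure in that window would leave the segment with no DR at all.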
