firewall and network segment question

dlee_gmail · ‎07-01-2010

hi! based on the diagram i attached. In the internal network can i configure everything to be in the on segment and one vlan? I just want to have a simple setup in the branch office, that enable internet traffic to go through the optical link and corporate resources access to go through the adsl vpn. or if possible internet access to go through the adsl/vpn link as well.

In this case i'm thinking of disabling vlan 1 and configure only one vlan for the entire LAN (flat network).

Is that possible with 2 firewalls connection and based on my requirements above?

thx

Jennifer Halim · ‎07-01-2010

OK, base on your diagram, it would be best to just have 1 firewall since you do not have a router/L3 switch in your internal network that can do the routing to 2 firewalls.

I believe your preference would be to route everything towards the VPN/ADSL connection?

If you would like to route traffic towards 2 firewalls, ie: one for internet connection and the other for vpn traffic, then you would need to have a router/L3 switch to route the traffic accordingly as follows:

- Traffic towards the internet would have default route/default gateway configured towards the first firewall (for internet connectivity).

- Traffic towards the VPN would have specific routes (remote/HQ LAN subnets) configured to point towards the second firewall (for vpn connectivity).

Hope that helps.