Cisco Support Community
Community Member

internal firewall for Data-Center

Hello... I am working on a project to allocate some protection to segregate Data-center A from the rest of the user community, and there are some requirements:

1) this data-center A does not have an internet connection directly, but it can access the internet via another data-center B.

2) each server in data-center A will be accessed from the user community with only specific ports/protocols open.

3) each server in data-center A will be fully open to data-center B.

4) ideally, the IP address of each server in data-center A will not be changed after putting in this internal firewall.

5) the servers are Windows 2003 for file server, print server, Exchange server, SQL server, Web server and the regional domain controller (DC).

6) the main DC and Exchange are located in data-center B.

7) the data-center is split into 2 networks, one for production, the other for QA.

8) we have no direct control over data-center B.

My question is: what kind of Cisco product can achieve this request?



Community Member

Re: internal firewall for Data-Center

You should be able to do this with a 515E with additional NIC interfaces. The interfaces would be as follows (if I understand correctly):

1. Link to Datacenter B

2. Link to Datacenter A Production

3. Link to Datacenter A QA

4. Link to User Segment

Everything else would be ACLs between the different segments.
