Just after some opinions or, even better, experience.
The web proxy server where I work currently exists within the organisations internal LAN structure (ie. traffic going to the proxy server from within the organisation does not cross the firewall). I'm wanting to move the proxy server into the security zone where the rest of our public-facing services live - notionally the DMZ. However, this will mean that all traffic from the internal networks going to the internet will cross the firewall twice in each direction, instead of once. For example:
Internal networks --> Proxy --> [ Firewall ] --> Internet
We're going through the process of upgrading the proxy server hardware at the moment, but an important point that I left out is probably that we're 100Mbps to the desktop for all clients and that the speed of our internet connection is only 100Mbps also. As we expand however, the speed of the internet connection will certainly grow to 1Gbps and beyond.
Currently, and for the near future, the proxy has one NIC connected to a 1Gbps interface on a switch in the data centre.
I'm interested in whether making this change now would have any discernable effect from the perspective of our users, as well as whether the firewall can handle it (which it probably can, given the backplane connections you've mentioned).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :