Cisco Support Community
New Member

Zones Designing in firewall

Hello Experts

We have a core firewall in the datacenter. We have web servers (front end), application servers (middle end), database servers (back end) and backup appliances. The OS is a mix of Windows/Linux.

What is the best practice to design the zones in this environment for good security? I mean, let's say putting all web servers in one zone, application servers in a second zone, database servers in another zone and backup appliances in a separate zone?

1- But what about security of say application to application servers?

2- And sometimes I heard application to database does not like firewall?

3- Similarly, backup appliance to servers, huge traffic passing through firewall?

4- Also OS is of different type. Should I also consider to put same OS in same zone?

Appreciate the input

VIP Green

Zones Designing in firewall

It would be best if you were able to separate all services into separate zones, but this isn't always possible. I would suggest putting all frontend servers in one zone, and all other servers (backend, database, and backup servers) in a second zone. Then restrict required access by using ACLs and make sure that traffic is explicitly permitted; do not allow permit IP any any or even permit IP any to server IP. Specify which ports should be allowed to access the various servers.

Please remember to rate and select a correct answer
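
The rule shapes the answer above says to avoid can be checked mechanically before an ACL is deployed. This is an added example, not part of the thread or any Cisco tool: it audits ASA-style `access-list ... extended` lines, and the ACL name, addresses and finding labels are constructed for illustration. It assumes only the `any`, `host A.B.C.D` and `A.B.C.D MASK` address forms and no source-port operators.

```python
import re

# Address forms handled (assumed subset of extended ACL syntax).
ADDR = r"(?:any|host\s+\S+|\d+(?:\.\d+){3}\s+\d+(?:\.\d+){3})"
RULE = re.compile(
    rf"\b(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})(?P<rest>.*)$"
)
PORT_OP = re.compile(r"\b(eq|range|lt|gt|neq)\b")

# Constructed sample ACL between a front-end zone and a back-end zone.
SAMPLE_ACL = """\
access-list FRONT_TO_BACK extended permit tcp host 10.0.1.10 host 10.0.2.20 eq 8443
access-list FRONT_TO_BACK extended permit ip any host 10.0.2.30
access-list FRONT_TO_BACK extended permit tcp 10.0.1.0 255.255.255.0 host 10.0.2.30
access-list FRONT_TO_BACK extended permit ip any any
access-list FRONT_TO_BACK extended deny ip any any
"""

def audit(acl_text):
    """Return (line_number, finding) for permit rules broader than host+port."""
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        m = RULE.search(line.strip())
        if not m or m["action"] != "permit":
            continue  # deny rules and unparsed lines are not flagged
        proto, src, dst = m["proto"], m["src"], m["dst"]
        has_port = PORT_OP.search(m["rest"]) is not None
        if proto == "ip" and src == "any" and dst == "any":
            findings.append((n, "permit-ip-any-any"))
        elif proto == "ip" and src == "any":
            findings.append((n, "permit-ip-any-to-server"))
        elif proto == "ip" or (proto in ("tcp", "udp") and not has_port):
            findings.append((n, "no-port-specified"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_ACL):
        print(f"line {lineno}: {finding}")
```
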

