I am currently planning a small data centre design around the standard access, distribution and core model.
Servers will be racked in standard rack ranges, accompanied by a layer 2 switch per rack row. These will connect to a redundant pair of layer 3 switches in order to do inter-VLAN routing. These will point to two redundant firewalls that will in turn point to a pair of routers.
We offer two types of firewall: a shared firewall, where we allocate the customer access lists on our own in-house firewall, or a dedicated firewall, where the customer can order a firewall and have it racked for their servers to sit behind.
My question is, if one of our customers purchases, say, a Cisco ASA 5505 firewall for their servers, how would this be implemented in the design? It would have to skip the hop of our in-house firewall and be able to hit the router.
I considered getting a routed port at the distribution layer switch to go straight to the router and pointing the customer's firewall default route towards this.
The only problem is that the outside interface of the customer's firewall will have an external IP, whereas the routed port on the L3 switch would be internal. Would I just have to make this external so it can flow through to the router?
Would this also cause bandwidth issues as more customers who buy firewalls are tunnelling this one route out to the router?
Yes, customers must have access to the internet and be able to communicate with each other; I would just like customers behind their own dedicated firewall to take a path which bypasses the in-house firewall straight to the router.
Would this require a separate cable from the distribution switch to go straight to the router, and then use policy-based routing on this?
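One way to realise the bypass the post describes, shown here as an added example and not the poster's own configuration: customers with a dedicated firewall share a layer 2 "public transit" VLAN that is trunked through the distribution switch to the router, so the public addressing lives on the router and on the customer's ASA, and no routed port (and no external address) is needed on the L3 switch at all. The VLAN number 210, the 198.51.100.0/27 block, the interface names and a direct distribution-to-router link are all assumptions for the sake of the example.

```text
! --- Distribution switch (IOS), one of the redundant pair ---
! VLAN 210 is the constructed "public transit" VLAN for customers with a
! dedicated firewall. It is carried at layer 2 only: deliberately no
! "interface Vlan210" SVI, so the switch never routes it and the
! in-house firewall path (the existing SVIs) is bypassed entirely.
vlan 210
 name PUBLIC-TRANSIT-DEDICATED-FW
!
interface GigabitEthernet1/0/1
 description Trunk to rack-row access switch
 switchport mode trunk
 switchport trunk allowed vlan 10,20,210
!
interface GigabitEthernet1/0/48
 description Trunk to edge router (assumed direct link)
 switchport mode trunk
 switchport trunk allowed vlan 210
!
! --- Rack-row access switch (IOS) ---
interface GigabitEthernet0/5
 description Customer-A ASA 5505 outside (Ethernet0/0)
 switchport mode access
 switchport access vlan 210
 spanning-tree portfast
!
! --- Edge router (IOS) ---
! The public /27 (documentation range, constructed) lives on the router,
! not on the distribution switch, so no routed port is needed there.
interface GigabitEthernet0/1
 description Trunk from distribution switch
 no ip address
!
interface GigabitEthernet0/1.210
 encapsulation dot1Q 210
 ip address 198.51.100.1 255.255.255.224
!
! --- Customer-A ASA 5505 (ASA OS) ---
! Outside sits in the public /27 and defaults to the router; the
! in-house firewall never appears in this customer's path.
interface Ethernet0/0
 switchport access vlan 2
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 198.51.100.10 255.255.255.224
!
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
```

On the distribution switch, `show ip interface brief` should list no Vlan210 entry, which confirms the transit VLAN is bridged rather than routed; the same VLAN must be allowed on the trunks of the second distribution switch for the redundant path.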