Network design question

p.choi · ‎10-09-2003

This should be a relatively easy question:

We currently have a single 150 user Class C network-192.168.1.x that is quickly being used up.

In response to increased growth, we have decided to add additional networks and implement routing.

However, our firewall going out to the Internet is configured with ip address 192.168.1.1.

Question is:

Since we will need to use 192.168.1.1 address for our router interface, where does that leave the firewall?

Would it be a good idea to place the firewall on it's own network?

Let me know if you need more details.

thisisshanky · ‎10-09-2003

You could place the router in between the hosts and the firewall, and reassign the subnets on the firewall = router side.

Internet

|

Firewall

|192.168.2.1

|

|192.168.2.2

Router

|192.168.1.1

|192.168.3.1 (secondary)

|

Internal network (192.168.1.0, 192.168.3.0)

Note that this config. needs a router with 2 ethernet interfaces.

Note that 192.168.3.0 was added as secondary, so that you can expand the number of hosts.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Keyurp · ‎10-09-2003

You can put the firewall in front of the DMZ. Meaning that any traffic coming in will first have to go through a firewall and any traffic going out will have to go through a firewall also before it goes out to the internet.