Cisco Support Community

New Member

Advice on Network Design


Could someone offer me some advice on the network design (see attached).

Do you think having a front end firewall and backend firewall is a good option?

Is this best practice? How many servers could I support in one switch module without affecting performance?

Any help will be rated.



New Member

Re: Advice on Network Design

Hi Gavin,

Yes, having a front end as well as a back end firewall secures the network in a robust way. Via the front end we are blocking unwanted traffic from outside, and with the backend f/w we are securing our internal network also. But this is not the best practice, because adding more f/w requires more knowledge of the network and welcomes more complicacy.

The limit on servers in one switch module depends on the number of ports in the switch module.

I hope it will clarify.



Re: Advice on Network Design

It is fine to use two layers of F/W to protect internal and prevent attack from external.

What I suggest is to define which component is important then may the corresponding security protection there.

You also have to set up a different set of F/W rules in the two layers. Otherwise, it is equal to the same F/W when there is a hacker.

The performance of the F/W is another issue, due to the back-end F/W being used to protect the private end too.

In addition to F/W, you can also consider having IPS / NBA to protect the network against zero-day attacks.

Many, many items need to be considered. You may require a risk assessment to define the plan & design.

Just my 2 cents.
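
The point in the reply above about giving each layer its own rule set can be checked offline before deployment. This is an added example, not part of the original posts: the rule format, the addresses, and the names `decide`, `leaks`, `SHARED` and `BACK_ONLY` are all constructed for illustration and do not correspond to any vendor's syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # destination TCP port, None matches any

def decide(rules, src, dst, port):
    """First-match evaluation; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def leaks(front, back, probes):
    """Probes from outside that are permitted by BOTH layers."""
    return [p for p in probes
            if decide(front, *p) == "permit" and decide(back, *p) == "permit"]

# Constructed addressing: web server 192.0.2.10 (DMZ), database 10.0.0.20 (internal).
WEB, DB = "192.0.2.10", "10.0.0.20"
SHARED = [  # one policy pushed to both layers, with one over-broad rule
    Rule("permit", "0.0.0.0/0", WEB + "/32", 443),
    Rule("permit", "0.0.0.0/0", "10.0.0.0/24", 1433),   # mistake: any source
]
BACK_ONLY = [  # back-end policy written for its own position
    Rule("permit", WEB + "/32", DB + "/32", 1433),
]
# Constructed probes from an outside address toward internal hosts.
PROBES = [("203.0.113.5", DB, 1433), ("203.0.113.5", DB, 22)]

if __name__ == "__main__":
    print("same rules on both layers:", leaks(SHARED, SHARED, PROBES))
    print("distinct back-end rules:  ", leaks(SHARED, BACK_ONLY, PROBES))
```

With the same policy on both layers, the one over-broad rule is repeated at the second hop and the outside probe to the database port passes; with a back-end policy scoped to the DMZ server as source, the same mistake on the front end is stopped at the second layer.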
