I've been tasked with cleaning up the network layout and I've been at this for way too long.
I'm trying to simplify the network as much as possible so the day I'm gone the next guy isn't spending three months trying to figure out the mess the previous guy made like I've been doing!
We have three networks that due to PCI need to be separated via a firewall.
We'll call those three networks Office, Production and DMZ.
Office has the bulk of the devices (two 4506s trunked to each other using three port-channels).
Production has all the devices with sensitive data.
DMZ has our internet facing devices.
I've configured the IDP to be transparent; each network passes through it.
The VPN device hangs off to the side bypassing the IDP.
And the webfilter also hangs off to the side just filtering web traffic via proxy settings in browser.
We've also got a direct circuit to our sister company, which was initially set up as a VLAN on one of the switches and which I've moved to the firewall.
I'm looking for some critiques, opinions or recommendations.
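As an added illustration, not the poster's configuration: a small Python model of the layout as described that enumerates every path from an outside network or another zone into each zone and flags paths that skip the firewall or the IDP. The adjacency list is an assumption, in particular where the VPN device attaches, and should be edited to match the real layout.

```python
"""Path audit for a three-zone (Office / Production / DMZ) layout.
Constructed model, not a real configuration: nodes are zones, devices or
external networks; LINKS is the assumed physical/logical adjacency."""

# Assumed topology: the IDP is transparent inline on each zone leg of the firewall,
# and the VPN concentrator attaches directly to the Office core (one reading of
# "hangs off to the side"). Edit LINKS to match the real layout.
LINKS = [
    ("internet", "firewall"), ("sister_company", "firewall"),
    ("firewall", "idp_office"), ("idp_office", "office"),
    ("firewall", "idp_production"), ("idp_production", "production"),
    ("firewall", "idp_dmz"), ("idp_dmz", "dmz"),
    ("vpn_users", "vpn_device"), ("vpn_device", "office"),
]
# Which security control a node represents (the three IDP legs are one IDP).
CONTROL_OF = {"firewall": "firewall", "idp_office": "idp",
              "idp_production": "idp", "idp_dmz": "idp"}
EXTERNAL = {"internet", "sister_company", "vpn_users"}
ZONES = {"office", "production", "dmz"}
REQUIRED = {"firewall", "idp"}  # expected on every path into a zone

def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def simple_paths(adj, src, dst, path=None):
    """Yield every loop-free path from src to dst (graph is tiny, DFS is fine)."""
    path = (path or []) + [src]
    if src == dst:
        yield path
        return
    for nxt in sorted(adj[src]):
        if nxt not in path:
            yield from simple_paths(adj, nxt, dst, path)

def audit(links=LINKS):
    """Return (src, dst, path, missing_controls) for every path that skips a control."""
    adj = adjacency(links)
    findings = []
    for src in sorted(EXTERNAL | ZONES):
        for dst in sorted(ZONES - {src}):
            for path in simple_paths(adj, src, dst):
                seen = {CONTROL_OF[n] for n in path if n in CONTROL_OF}
                missing = sorted(REQUIRED - seen)
                if missing:
                    findings.append((src, dst, path, missing))
    return findings

if __name__ == "__main__":
    for src, dst, path, missing in audit():
        print(f"{src} -> {dst} via {' > '.join(path)} skips {', '.join(missing)}")
```

With the assumed adjacency the only finding is remote VPN users landing in Office without crossing the firewall or the IDP; moving the VPN device onto its own firewall leg clears it.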