Sign in to follow this  

Firewalls, IDP, VLANs and VPN! Oh My!

Recommended Posts

c.grz    375

I've been tasked with cleaning up the network layout and I've been at this for way too long.

I'm trying to simplify the network as much as possible so the day I'm gone the next guy isn't spending three months trying to figure out the mess the previous guy made like I've been doing!

We have three networks that due to PCI need to be seperated via a firewall.

We'll call those three networks Office, Production and DMZ.

Office has the bulk of the devices (Two 4506's trunked using 3 port-channels with each other)

Production has all the devices with sensative data.

DMZ has our internet facing devices.

I've configured the IDP to be transparent; each network passes through it.

The VPN device hangs off to the side bypassing the IDP.

And the webfilter also hangs off to the side just filtering web traffic via proxy settings in browser.

We've also got a direct circuit to our sister company which was initially setup as a VLAN on one of the switches which I've moved to the firewall.

I'm looking for some critiques, opinions or recommendations.


Share this post

Link to post
Share on other sites
sc302    1,383

In my office, we have done similar.

We have a production network that is vlan'd out and has the routes disabled to be able to communicate to any of the other vlans. No vlans can communicate to that either, dhcp is handled by a local server or the switch itself.

We have an office network for office computers, they have access to the network

We have a dmz for internet facing servers.

If we need something off the production networks or on the production networks it must come via usb stick. We have very sensitive data that cannot be intermingled with office data.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.