topic OK thanks. Is there any in Network Security

DMZ Design

notofthisearth — Tue, 12 Mar 2019 05:33:03 GMT

I need to create a DMZ where VMs in my environment can be accessed from the public internet. The current plan is:

-Have a single firewall that is connected to a 7000K switch. There will be both a DMZ subnet and internal network subnets sharing the same physical switch, and travelling in and out the same physical switch trunk ports to various ESXi hosts. The traffic will be separted only by being tagged with different vLAN tags, and by creating firewall rules to that control what communication can happen to and from the DMZ subnet.

Is this a viable "DMZ" design or does DMZ traffic need to be on a different physical switch or at least not trunked on the same switch ports?

This would fail any regulated

Collin Clark — Wed, 25 Feb 2015 02:39:32 GMT

This would fail any regulated security audit.

OK thanks. Is there any

notofthisearth — Wed, 25 Feb 2015 05:08:13 GMT

OK thanks. Is there any reference documentation to define exactly what a regulated audit is looking for in DMZ design? Is there a specific document or link I can point to that sets out what the requirements are? When you say regulated audit are you talking specifically PCI-DSS, Sarbanes Oxley, NIST, FISMA, or all of the above? Which audits are "regulated"?

By regulated I mean PCI, DISA

Collin Clark — Wed, 25 Feb 2015 14:35:40 GMT

By regulated I mean PCI, DISA, etc. You can check out the CVD for internet edge at http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-edge/landing_iEdge.html#~designs