https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427625#M662485 <HTML><HEAD></HEAD><BODY><P>Thank you Will and will test your idea out first. Also, looking into trensparent mode configuration. My issue is these servers belongs to three separate vlan subnet.</P><P>campus switch&gt;&gt;&gt;5520 firewall&gt;&gt;another switch&gt;&gt;servers. Looking to implement</P><P></P><P>as it stand currently: campus switch&gt;&gt;&gt;servers. each with 1Gig speed to the switch.</P><P></P><P>Thanks,</P><P>Eric</P></BODY></HTML> Mon, 28 Jun 2010 20:37:32 GMT Eric Boadu 2010-06-28T20:37:32Z https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427623#M662388 <P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">I have been instructed to put firewall in front of servers that connected to LAN switch. I do not manage this switch it manages by another team. All four servers are connected to separate VLAN on the switch with 1Gig speed. Server A: 10.10.5.x. Server B: 10.10.10.x. Server C: 10.10.15.x. Server <span class="lia-unicode-emoji" title=":anguished_face:">😧</span> 10.10.20.x </SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Does anyone configure this scenario before?</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">I don’t see how I can make this work by putting firewall in-between. </SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Current design:</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">ISP router/firewall&gt;&gt;&gt;LAN switch&gt;&gt;&gt;Servers. This looks fine to me.</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Propose requirement: Cisco firewall 5520 will be use.</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">ISP router/firewall&gt;&gt;LAN switch&gt;&gt;firewall&gt;&gt;&gt;switch&gt;&gt;&gt;Servers.</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">How can I make this work? Please this is not a joke and need your advice.</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">I don’t think it is possible.</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Thanks,</SPAN></P><P class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Eric</SPAN></P> Mon, 11 Mar 2019 18:04:52 GMT https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427623#M662388 Eric Boadu 2019-03-11T18:04:52Z https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427624#M662426 <HTML><HEAD></HEAD><BODY><P>Hey Eric, Based on your message, I am not sure which problem you trying to solve:</P><P></P><P>1) Multiple VLAN's into one firewall: you can used one interface with 802.1Q trunking on the firewall and switch to segment out the VLAN's. You have 4 x 1GB + 1x100Mb on the 5520 so you would probably have to configure at least one trunk on one of the Gb interfaces. You may have a bottleneck issue on the Gb interface so probably best to configure this for the two least used server subnets.</P><P></P><P>2) Speed limitation: The 5520 has a max FW throughput of 450 Mbps. So if you are worried about the 4 Gb servers maxing out the connection, then you have to increase the size of the firewall.</P><P></P><P>In general, I am wondering myself about item 2 above, in a design which places a firewall at the core of the network. Firewall's just don't seem to be big enough (at a reasonable cost) to do this yet. If anyone has ideas, let me know.</P></BODY></HTML> Mon, 28 Jun 2010 19:48:58 GMT https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427624#M662426 will 2010-06-28T19:48:58Z https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427625#M662485 <HTML><HEAD></HEAD><BODY><P>Thank you Will and will test your idea out first. Also, looking into trensparent mode configuration. My issue is these servers belongs to three separate vlan subnet.</P><P>campus switch&gt;&gt;&gt;5520 firewall&gt;&gt;another switch&gt;&gt;servers. Looking to implement</P><P></P><P>as it stand currently: campus switch&gt;&gt;&gt;servers. each with 1Gig speed to the switch.</P><P></P><P>Thanks,</P><P>Eric</P></BODY></HTML> Mon, 28 Jun 2010 20:37:32 GMT https://community.cisco.com/t5/network-security/lan-design-help-and-question/m-p/1427625#M662485 Eric Boadu 2010-06-28T20:37:32Z