Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
1
Helpful
4
Replies

Looking for advice on network diagram

Go to solution
VM0815
Level 1
Level 1

‎03-09-2025 05:22 AM

hi all,

i am working on an university project where I need design a logical and physical target network for a fictitious company. I chose a manufacturer in the automotive industry. Its more about the fundamentals, than designing every last bit.

Later I will also need to create a components list with all the different functions, networks and IPs as well as a security concept. Before I start with that, I would like to ask if there is anything obvious that I am missing or I should change.

I am an absolute beginner in networking and after reading some literature and documentations I came up with the following design. I am also thinking about how to add some redundancy especially for the OT-network to increase availability.

I would be thankful for any advice.

*Customer Services stands for e.g. diagnosis tools for customer cars

Challenges_and_Solution-Zielnetzwerk - logisch.drawio.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎03-09-2025 07:40 AM

Hello @VM0815 

Redundancy has to be a key concern, especially for firewalls and switches in the LAN and OT network. Right now, each firewall (CFW01-03, FW02) and switch (SW02, CSW01-03, IDMZSW01) is a single point of failure.

For OT, add redundant firewalls and switches per cell and ensure dual uplinks to the industrial DMZ. For IT, consider dual L3 switches (SW02) with HSRP/VRRP to prevent failures from cutting off connectivity.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

4 Replies 4

Go to solution
M02@rt37
VIP
VIP

‎03-09-2025 07:40 AM

Hello @VM0815 

Redundancy has to be a key concern, especially for firewalls and switches in the LAN and OT network. Right now, each firewall (CFW01-03, FW02) and switch (SW02, CSW01-03, IDMZSW01) is a single point of failure.

For OT, add redundant firewalls and switches per cell and ensure dual uplinks to the industrial DMZ. For IT, consider dual L3 switches (SW02) with HSRP/VRRP to prevent failures from cutting off connectivity.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
VM0815
Level 1
Level 1
In response to M02@rt37

‎03-09-2025 07:45 AM

thanks for your input

0 Helpful

Go to solution
VM0815
Level 1
Level 1
In response to M02@rt37

‎03-12-2025 09:50 AM

Hi M02@rt37 ,

thanks again for your hints.

I added active and passive firewalls in the cells and also additional switches which could be extended to a ring topology if needed.

In the IDMZ i added stacked switches, which as I understood are easily extendable and can also act as backup in case of failure. these are now behind a dual firewall. 

In the internal network I also added a switch stack.

My understanding is, that now at least the communication between internal network and the cells is highly available. The external communication and DMZ is still affected by single point of failures but as availability is not the main concern here, one could accept the risk.

does this sound right?

 

Challenges_and_Solution-Zielnetzwerk - logisch.drawio.png

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to VM0815

‎03-12-2025 10:24 AM

Sounds perfect @VM0815 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents