DC & Perimeter Firewall

adamgibs7 · ‎08-04-2021

Dears

i have a small setup and i have a below question related to design

i have a simple question related to the design we usually keep switches in cross connection between the internal firewall and perimeter firewall if incase of failover between the firewall the traffic should flow for this purpose, instead of buying those middle layer switches if i connect the perimeter firewall to the core switch, does it will easy for attacker to screw the core switch if incase my perimeter firewall is compromise ,

Please advise.

MHM Cisco World · ‎08-04-2021

meaning using specific VLAN for router and FW?

NOTE:-this SW called outside SW

balaji.bandi · ‎08-04-2021

Is this design Hosted Service model or Enterprise LAN and DC mode? ( any topology diagram will help to understand better)

In General, if the enterprise DC you need to connect to Core switch for Routing in either case. ( that is the reason you have DMZ between the Internal network and the Internet.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎08-05-2021

As long as you don't expose any control plane or layer 3 services on the interfaces and VLANs on the switch that your perimeter firewall connects to, the exposure to external attacks is extremely small.