Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
1
Replies

Zones Designing in firewall

Ghost Rider
Level 1
Level 1

‎12-30-2013 09:24 PM - edited ‎03-11-2019 08:23 PM

Hello Experts

We have core firewall in datacenter. We have web servers (front end), application servers (middle end) and database servers (backupend) and backup appliances. The OS is a mix of windows/linux

What is the best practice to design the zones in this enviornment for good security. I means lets say putting all web servers in one zone, application servers in second zone and database server in another zone and backup appliances in sepearte zone?

1- But what about security of say application to application servers?

2- And sometimes I heard application to database does not like firewall?

3- Similary backup appliance to servers huge traffic passing through firewall?

4- Also OS is of different type. Should I also consider to put same OS in same zone?

Appreciate the input

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎01-03-2014 02:19 AM

It would be best if you were able to separtate all services into seperate zones, but this isn't always possible.  I would suggest putting all frontend servers in one zone,  and all other servers (backend, database, and backup servers) in a second zone.  Then restrict required access by using ACLs and make sure that traffic is explicitly permited, do not allow permit IP any any or even permit IP any to server IP.  Specify which ports should be allowed to access the various servers.

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card