06-12-2021 07:41 AM
we have one Expressway setup in UK region with Exp-C lan 1 and Exp-E lan 1 in the same subnet, is this a security flaw and can lead something to slip through the cracks?
In the expressway configuration design guide, it shows the deployment like this, lan 1 of Exp-C and E are in different subnet and there is a firewall between them. In my setup we have lan1 of both Exp-C and E in the same subnet
06-12-2021 08:11 AM - edited 06-12-2021 08:21 AM
Its not mandatory that you see same setup described in the document with every customer site. some customer may have only perimeter firewall. some may have firewall between DMZ and local lan.
I have client who has no firewall in between the E and C, same as your setup both E internal NIC and C in same subnet and client who's E and c are different subnet and use firewall in between. All these sites are working fine without any security issues.
If your expressway configuration is not good, an outside person can call tall fraud calls . We do hardening by combination of search rules and CPL.
Go through the Cisco live docuemnts , to learn more bout how to make expressway secure.
06-12-2021 08:17 AM
what exactly the below highlighted line implies. How can Exp-E validate and forward the traffic between the isolated subnets? if am correct it is implying the traffic to Exp-C
06-12-2021 08:31 AM - edited 06-12-2021 08:34 AM
You can have single NiC and dual NIC setup. its about when to use the dual NIC configuration.
Go through the below live document. its an old one, you can search the latest version.
06-12-2021 08:47 AM
06-12-2021 09:22 AM
As mentioned, I have sites running both scenarios. How secure your expressway deployment is based on how you configure it.
if you can put a firewall in between the DMZ and lan, go for the design mentioned in the document. because its the recommended design. if you have you no option to keep a firewall in between go with the same design what you have.
Make sure you have tight search rules and CPL.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: