we have one Expressway setup in UK region with Exp-C lan 1 and Exp-E lan 1 in the same subnet, is this a security flaw and can lead something to slip through the cracks?
In the expressway configuration design guide, it shows the deployment like this, lan 1 of Exp-C and E are in different subnet and there is a firewall between them. In my setup we have lan1 of both Exp-C and E in the same subnet
Its not mandatory that you see same setup described in the document with every customer site. some customer may have only perimeter firewall. some may have firewall between DMZ and local lan.
I have client who has no firewall in between the E and C, same as your setup both E internal NIC and C in same subnet and client who's E and c are different subnet and use firewall in between. All these sites are working fine without any security issues.
If your expressway configuration is not good, an outside person can call tall fraud calls . We do hardening by combination of search rules and CPL.
Go through the Cisco live docuemnts , to learn more bout how to make expressway secure.
what exactly the below highlighted line implies. How can Exp-E validate and forward the traffic between the isolated subnets? if am correct it is implying the traffic to Exp-C
You can have single NiC and dual NIC setup. its about when to use the dual NIC configuration.
Go through the below live document. its an old one, you can search the latest version.
As mentioned, I have sites running both scenarios. How secure your expressway deployment is based on how you configure it.
if you can put a firewall in between the DMZ and lan, go for the design mentioned in the document. because its the recommended design. if you have you no option to keep a firewall in between go with the same design what you have.
Make sure you have tight search rules and CPL.