Real world networks are so different! Simple question

Patryczek803
Level 1

Hi everyone! I've finally landed my first job as a network engineer in a small company. I can't understand one thing regarding the uplink. While I was preparing for CCNA, the main connection to the internet was via the firewall. In almost every network I have here, the Internet goes directly to the switch and then to the firewall. I totally don't understand this design concept. Could somebody explain it to me in depth? I am very curious. When I asked my colleague he said: "This is how the network was built in the past"... but why?

 

Thanks in advance,

Patryk

1 Accepted Solution

Joseph W. Doherty
Hall of Fame
A possible reason, to support public/Internet accessible servers logically outside the interior network (i.e. might be totally outside or on a DMZ protected by the FW).

BTW, in the "real world", you often find networks far from what "the book" suggests. Sometimes that might be due to some special need (often a monetary limitation), sometimes due to "network engineers" not knowing best practices, sometimes due to "old" designs from earlier "best practices" never updated, etc.

3 Replies 3

Check more details of your topology.

It could simply be that the FW is not physically between the ISP and your network, but logically.

Just like the "router on a stick", it can be a "firewall on a stick".

E.g. the ISP is connected to the switch, and this connection is forwarded by a VLAN to a subinterface on the FW as the outside link.

Same for inside VLAN(s).
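
The "firewall on a stick" layout described in the reply above, as an added configuration example that is not part of the original thread. It assumes an IOS-style switch and an ASA-style firewall; the VLAN IDs, port names and addresses are constructed for illustration.

```cisco
! === Switch (IOS syntax). VLAN IDs, ports and addresses are constructed. ===
vlan 900
 name OUTSIDE-ISP
vlan 10
 name INSIDE-USERS
vlan 999
 name UNUSED-NATIVE
!
! ISP handoff: an access port that belongs to the outside VLAN only
interface GigabitEthernet1/0/1
 description ISP uplink
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
!
! Trunk to the firewall: carries the outside and inside VLANs, both tagged.
! The native VLAN is an unused one so no untagged traffic lands in a live VLAN.
interface GigabitEthernet1/0/24
 description Trunk to firewall
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,900
 switchport nonegotiate
!
! No "interface Vlan900" (SVI) is defined on the switch: VLAN 900 stays
! layer 2 only, so the only routed path between VLAN 900 and VLAN 10
! is through the firewall.
!
! === Firewall (ASA syntax) ===
interface GigabitEthernet0/0
 no shutdown
!
! Outside leg: subinterface tagged with the ISP VLAN
interface GigabitEthernet0/0.900
 vlan 900
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
! Inside leg: subinterface tagged with the user VLAN
interface GigabitEthernet0/0.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
```

On the switch, `show interfaces trunk` and `show vlan brief` confirm that VLAN 900 exists only on the ISP port and the firewall trunk, which is what keeps the firewall logically in line.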

 

Thank you for your response. I think I get it now. Every day something new comes up. Sorry for the delay in responding.

 

KR,

Patryk
