06-08-2001 07:36 AM - edited 03-08-2019 08:20 PM
Hi folks, I have a problem deploying our PIX firewall. The following is our network topology:
(internet Bbone)--(GSR)--(6009)--(Alteon L4 switch)--(4009)--(PIX535&WEB/Email Servers)
[note: Alteon L4 switch is for load balance among servers.]
As far as I know, the PIX is usually put between a router and a switch. But in this case, the PIX is not directly connected to the router; rather, ALL of the interfaces of the PIX are connected to the Cat4009 only, and there are VLANs present on the Cat4009. The servers, like the PIX, are also connected to the Cat4009 via different VLANs.
My question is: does the PIX still work in this case? I mean, it seems like all the inbound traffic from the Internet can first reach the email/web servers without the protection of the firewall, because the firewall's position makes it impossible to block any traffic from the outside network. The firewall only works when the servers respond to the inbound traffic, because the PIX can check the returned packets sent by the servers.
Is this topology all right for a network which needs high security? Or does it not work at all? Is there a better solution?
Any help will be greatly appreciated. Thanks in advance.
06-08-2001 08:32 AM
Hi,
This network will not have enough security because the firewall has to be placed between the Internet and your internal LAN. A better design would be to put the PIX after the L4 switch and put the servers in the DMZ of the PIX and the 4009 for the internal LAN.
The 4009 should be connected to the inside interface of the PIX and the L4 switch should be connected to the outside interface of the switch.
with regards,
shanky
06-08-2001 08:38 AM
Hey, I got a much better solution:
email /web servers
|
|
Alteon L4 switch ( for load balancing)
|
| (DMZ)
|
|
|
pix-----4009---internal lan
|
|
|
|
6009
|
|
GSR
|
|
Internet BB
with regards
shanky
06-11-2001 04:37 AM
Hi shanky,
Thanks for your advice, it's really helpful. Guess what? We are now considering redesigning the network topology, hehehe ...
Regards,
y.c.zhao :)