Advice on Network Design

gavin.mckee · ‎10-12-2006

Hi,

Could someone offer me some advice on the network design (see attached).

Do you think having a front end firewall and backend firewall is a good option?

Is this best practice? How many servers could I support in one switch module without affecting performance?

Any help will be rated.

Thanks

Gavin

mukeshpal · ‎10-12-2006

Hi Gavin,

yes having a front end as well back end firewall is securing the network in robust way. via front end we are blocking unwanted traffic from outside and having backend f/w we are securing our internal network also. but this is not the best pracice because adding more f/w require more knowledge of the network and welcoming more complicacy.

limitation of servers in one switch module, depends on number of ports in switch module.

I hope it will clarify.

Thanks!

jackyoung · ‎10-13-2006

It is fine to use two layers of F/W to protect internal and prevent attack from external.

What I suggest is to define which component is important then may the corresponding security protection there.

Yuo also have to setup different set of F/W rules in two layers. Otherwise, it is equal to a same F/W when there is hacker.

The performance of the F/W is another issue that due to the back-end F/W is using to protect private end too.

In addition to F/W, you can also consider to have IPS / NBA to protect the network for zero day attack.

Many many items require to consider. You may require a rask assessment to define the plan & design.

Just my 2 cents.