Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2101
Views
0
Helpful
10
Replies

Security in Data Center

rahimbhamani
Level 1
Level 1

‎11-12-2011 03:26 AM

Well our organization is planning to implement security in Datacenter for Server Farm. Therefore we are purchasing ASA 5585-X series devices. I need your suggestion that how we can implement firewall b/w Core Switch and Server Farm switch

According to my suggestion:

1.      Firewall is in transparent mode (because all server gateways will be core switch)

2.      Ether channel between Core switch and Firewall and b/w Server farm switch and Firewall

3.      Interfaces b/w Core switch and Firewall and b/w Server farm switch and Firewall must be trunk

4.      Interfaces B/w Core switch and Firewall must be outside zone and b/w Server farm switch and Firewall must be inside zone.

5.      And ACL will be applied at Outside interface IN direction.

Suggestion is required.

Labels:
Preview file
30 KB
0 Helpful
10 Replies 10

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-13-2011 03:41 PM

Rahim,

I am wondering, what you are trying to secure with the firewall.  Do you have multiple organizations connecting to you access switch in the server farm in different vlans?  If yes, ACLs on the router can block vlan communication. If it is all the same organization residing on the same switch, then what is the purpose of the firewall?

HTH

0 Helpful

rahimbhamani
Level 1
Level 1
In response to Reza Sharifi

‎11-13-2011 07:43 PM

Reza

No, we dont connecting multiple organiztaions. We only want to secure Server Farm through ACLs by using firewall.And we dont want Core switch to use as a Firewall.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to rahimbhamani

‎11-13-2011 07:49 PM 

We only want to secure Server Farm through ACLs by using firewall.

Wow, that is a very pricey option.  A router with properly defined ACL will suffice.

0 Helpful

rahimbhamani
Level 1
Level 1
In response to Leo Laohoo

‎11-13-2011 07:53 PM

But in future we also need to deploy IPS option and the said firewall has module for IPS.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to rahimbhamani

‎11-13-2011 08:07 PM 

But in future we also need to deploy IPS option and the said firewall has module for IPS.

And you position the ASA between your core switch and your server farm?

0 Helpful

rahimbhamani
Level 1
Level 1
In response to Leo Laohoo

‎11-13-2011 09:29 PM

Yes.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to rahimbhamani

‎11-14-2011 01:11 PM

Are you trying to establish a DMZ for your server farm? 

0 Helpful

rahimbhamani
Level 1
Level 1
In response to Leo Laohoo

‎11-14-2011 07:48 PM

Well you can say that, all vlan are in different DMZ Zone.

0 Helpful

Surya ARBY
Level 4
Level 4
In response to Leo Laohoo

‎11-14-2011 01:54 PM

Managing traditionnal ACLs can be a nightmare with dynamic protocols (ftp for instance, or protocols used by unified communications), a firewall will be easier for administration.

0 Helpful

johng231
Level 3
Level 3
In response to Surya ARBY

‎05-10-2012 01:25 PM

Hello

Our company is looking into implementing a DC firewall solution too. We're evaluating other firewall vendors that support full dynamic routing protocols as well as statefull packet inspection. I always thought of the ASA of just being a firewall first, not using any dynamic routing protocols on it.

  • Can the ASA 5585-x series support full dynamic routing protocols without any performance issues?
  • Does the ASA 5585-x contain a separate RE module?
  • What is the best practice for using the ASA as a DC firewall? 
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card