Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
5
Helpful
1
Replies

Inserting device into dmz

arrayservices
Level 1
Level 1

‎01-10-2013 11:49 AM - edited ‎03-07-2019 11:01 AM

I have a question regarding adding a web filter appliance into our dmz segment. Please see the attached diagram.

Here is the scenario: I have a /28 subnet between my internal and external firewalls for L3 connectivity. On our internal firewall, I have a default route for internet traffic pointing to the external firewall (10.10.1.2).

We will be inserting a web filter appliance as indicated on the diagram. The appliance requires an IP address to be assigned to the LAN interface.

What is the best way to accomplish this with minimal impact?

Will my default route on my internal firewall have to change to the IP of the web appliance if I address the web appliance on the 10.10.1.x subnet?

Should I address the web appliance on the 10.10.1.x subnet to begin with, or create a vlan on the 2960 and a L2 interface on one of the firewalls?

Please help!!!!

Brian

Labels:
Preview file
111 KB
0 Helpful
1 Reply 1

Andras Dosztal
Level 3
Level 3

‎01-10-2013 12:10 PM

I would create a new VLAN/subnet for the web appliance, and redirect the traffic using WCCP or Policy Based Routing (if the appliance doesn't support WCCP).

If you choose WCCP, use version 2. If you use PBR, use IP SLA to monitor the health of the appliance.

Customers Also Viewed These Support Documents