
Server room network setup

alvinreddy
Level 1

Please confirm which design is accurate?

 

1. Setting up the server room with multiple stackable switches with different subnets and having the gateway to be a Cisco firewall?

OR

2. Setting up the server room with multiple stackable switches with different subnets and having the gateway to be a Cisco Router?

 

Objective:

 - Looking for secure connections for the servers connecting to the switches

 - Trying to determine fast connectivity for servers when trying to connect to internet or intranet

 

Any specific Cisco materials I could look into to get an insight of what I am trying to achieve?

1 Accepted Solution


Martin Hruby
Level 1

Hello

Depending on the scope of your project and your budget, there are multiple options to go for.

For smaller branch networks I would recommend implementing a zone-based firewall (ZBFW) feature on the router. Break down your network into zones and then apply security policies for traffic exchanged between zones. For traffic going between VLANs in the same zone, perform inter-VLAN routing on the switches' SVI interfaces. For traffic going between VLANs in different zones, perform inter-VLAN routing on the router with sub-interfaces assigned to the correct zones and the correct security policies applied.

For example, you can place your servers into a DMZ zone, the uplink to the Internet into an ISP zone and other internal sub-interfaces attached to user VLANs into an internal zone. Then specify what is allowed to be exchanged between zones, thereby abstracting the interfaces.

For more information see: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

Best regards,
Martin
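
The three-zone layout described in the answer above, as an added Cisco IOS configuration example that is not part of the original post. The zone names follow the answer; the interface names, VLAN IDs, addresses, class and policy names, and the permitted protocols are assumptions chosen for illustration.

```cisco
! Constructed example. Zones: INTERNAL (user VLANs), DMZ (servers), ISP (uplink).
! VLAN IDs, addresses and allowed protocols below are assumptions.
zone security INTERNAL
zone security DMZ
zone security ISP
!
! What users may reach on the servers, and what servers may reach outbound
class-map type inspect match-any CM-INTERNAL-TO-DMZ
 match protocol https
 match protocol ssh
class-map type inspect match-any CM-DMZ-TO-ISP
 match protocol dns
 match protocol https
!
! Stateful inspection for the listed protocols, explicit logged drop for the rest
policy-map type inspect PM-INTERNAL-TO-DMZ
 class type inspect CM-INTERNAL-TO-DMZ
  inspect
 class class-default
  drop log
policy-map type inspect PM-DMZ-TO-ISP
 class type inspect CM-DMZ-TO-ISP
  inspect
 class class-default
  drop log
!
! Zone pairs are unidirectional; return traffic is allowed by inspection
zone-pair security ZP-INTERNAL-DMZ source INTERNAL destination DMZ
 service-policy type inspect PM-INTERNAL-TO-DMZ
zone-pair security ZP-DMZ-ISP source DMZ destination ISP
 service-policy type inspect PM-DMZ-TO-ISP
!
interface GigabitEthernet0/0
 description Uplink to Internet
 ip address 203.0.113.2 255.255.255.252
 zone-member security ISP
!
interface GigabitEthernet0/1.10
 description User VLAN 10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 zone-member security INTERNAL
!
interface GigabitEthernet0/1.50
 description Server VLAN 50
 encapsulation dot1Q 50
 ip address 10.0.50.1 255.255.255.0
 zone-member security DMZ
```

Because no zone pair is defined from ISP to DMZ or from DMZ to INTERNAL, sessions initiated in those directions are dropped by default. `show policy-map type inspect zone-pair` displays the per-class inspect and drop counters once traffic is flowing.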


2 Replies


Thanks Martin, appreciate your response.

Regards.