Internal Network and DMZ behind Fabric Interconnect


Need help on design suggestion and risk involved

We have Fabric Interconnect and Servers /Clusters behind that Fabric Interconnect.

These servers are grouped into clusters. One cluster is used for internal applications/converged infra; the other cluster is dedicated to DMZ applications.

For the LAN-internal zone: DC-Agg switch --> Fabric Interconnect --> cluster dedicated to internal-zone applications
For the DMZ zone: DMZ-Agg switch --> Fabric Interconnect --> cluster dedicated to DMZ applications

L3 gateways for LAN/internal applications are configured on the DC-Agg LAN switch. L3 gateways for DMZ applications are configured on the DMZ-Agg switches.

The Fabric Interconnect has two uplinks to the DC-Agg switch, and we permitted the required VLANs on them (on both the switch and the FI side).
There is another uplink from the same Fabric Interconnect to the DMZ switches, and the DMZ VLANs are permitted on it.

If a server/application hosted on the internal cluster wants to talk to a DMZ server:
Forward path: Internal Server --(through Fabric Interconnect)--> DC-Agg LAN switch --> Firewall --> DMZ-Agg switch --(through Fabric Interconnect)--> DMZ Server
Reverse path: DMZ Server --(through Fabric Interconnect)--> DMZ-Agg switch --> Firewall --> DC-Agg LAN switch --(through Fabric Interconnect)--> Internal Server

We have a firewall between these two networks. But since the DMZ and internal servers are behind the same Fabric Interconnect, is there any security risk?

Did anyone see a security risk? Thanks in advance.
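The separation the post relies on holds only if no VLAN is reachable from both sides of the FI without crossing the firewall. Below is an added example (not from the original post or any vendor tool) that audits a constructed inventory of uplinks and service-profile vNICs for exactly that: a VLAN allowed on uplinks of both zones, an uplink carrying the other zone's VLANs, or a vNIC on one cluster carrying the other cluster's VLAN or pinned to the other zone's uplink. All VLAN numbers, uplink names and server names are assumed sample values.

```python
# Constructed sample data (not from the post): VLAN IDs per zone, assumed.
ZONE_VLANS = {
    "internal": {10, 20, 30},   # L3 gateways on DC-Agg
    "dmz": {200, 210},          # L3 gateways on DMZ-Agg
}

# Constructed sample: uplink port-channel -> zone it lands on, allowed VLANs.
# VLAN 20 is deliberately allowed on the DMZ uplink to show the finding.
UPLINKS = {
    "Po1-DC-Agg": {"zone": "internal", "vlans": {10, 20, 30}},
    "Po2-DMZ-Agg": {"zone": "dmz", "vlans": {200, 210, 20}},
}

# Constructed sample: service profiles with their vNICs and uplink pinning.
# eth1 on the DMZ host deliberately carries internal VLAN 30.
SERVERS = [
    {"name": "int-app-01", "cluster": "internal",
     "vnics": [{"name": "eth0", "vlans": {10, 20}, "uplink": "Po1-DC-Agg"}]},
    {"name": "dmz-web-01", "cluster": "dmz",
     "vnics": [{"name": "eth0", "vlans": {200}, "uplink": "Po2-DMZ-Agg"},
               {"name": "eth1", "vlans": {30}, "uplink": "Po2-DMZ-Agg"}]},
]


def audit(uplinks, servers, zone_vlans=ZONE_VLANS):
    """Return a list of finding strings; an empty list means the zones are cleanly separated."""
    findings = []
    # 1. A VLAN permitted on uplinks of more than one zone gives the FI an L2 path
    #    between internal and DMZ that never touches the firewall.
    zones_by_vlan = {}
    for u in uplinks.values():
        for v in u["vlans"]:
            zones_by_vlan.setdefault(v, set()).add(u["zone"])
    for v, zones in sorted(zones_by_vlan.items()):
        if len(zones) > 1:
            findings.append(f"VLAN {v} allowed on uplinks of zones {sorted(zones)} (firewall bypass path)")
    # 2. Each uplink should carry only the VLANs of the zone it lands on.
    for name, u in uplinks.items():
        for v in sorted(u["vlans"] - zone_vlans[u["zone"]]):
            findings.append(f"uplink {name} ({u['zone']}) carries foreign VLAN {v}")
    # 3. Each vNIC should carry only its cluster's VLANs and pin to its own zone's uplink.
    for s in servers:
        for n in s["vnics"]:
            for v in sorted(n["vlans"] - zone_vlans[s["cluster"]]):
                findings.append(f"{s['name']}/{n['name']} ({s['cluster']}) carries foreign VLAN {v}")
            if uplinks[n["uplink"]]["zone"] != s["cluster"]:
                findings.append(f"{s['name']}/{n['name']} ({s['cluster']}) pinned to other-zone uplink {n['uplink']}")
    return findings


if __name__ == "__main__":
    for f in audit(UPLINKS, SERVERS):
        print("FINDING:", f)
```

Run against the sample it reports three findings (VLAN 20 on both uplink zones, the DMZ uplink carrying VLAN 20, and dmz-web-01/eth1 carrying VLAN 30); against a clean inventory it returns an empty list.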