Need help on design suggestion and risk involved
We have Fabric Interconnect and Servers /Clusters behind that Fabric Interconnect.
These servers are grouped into clusters. One cluster is used for internal applications/converged infra; the other cluster is dedicated to DMZ applications.
For the LAN-internal zone: DC-Agg switch --> Fabric Interconnect --> cluster dedicated to internal-zone applications
For the DMZ zone: DMZ-Agg switch --> Fabric Interconnect --> cluster dedicated to DMZ applications
L3 Gateways for LAN /Internal applications are configured on DC-Agg LAN switch. L3 Gateways for DMZ applications are configured on DMZ Agg switches.
The Fabric Interconnect has two uplinks to the DC-Agg switch, and we permitted the required VLANs on them (on both the switch and the FI).
There is another uplink from the same Fabric Interconnect to the DMZ switches, and the DMZ VLANs are permitted on it.
If a server/application hosted on the internal cluster wants to talk to a DMZ server:
Forward path: Internal Server --(through Fabric Interconnect)--> DC-Agg LAN switch --> Firewall --> DMZ-Agg switch --(through Fabric Interconnect)--> DMZ Server
Reverse path: DMZ Server --(through Fabric Interconnect)--> DMZ-Agg switch --> Firewall --> DC-Agg LAN switch --(through Fabric Interconnect)--> Internal Server
We have a firewall between these two networks. But since the DMZ and internal servers are behind the same Fabric Interconnect, is there any security risk?
Did anyone see a security risk? Thanks in advance.
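As an added example (not part of the original post, and not vendor tooling), here is a small checker for the property that makes this layout depend on the firewall: a VLAN must never be reachable from both zones through the shared Fabric Interconnect. The FI switches frames locally within a VLAN, so if an internal VLAN is also permitted on the DMZ uplink, or a DMZ server's vNIC is mistakenly given an internal VLAN, traffic can cross zones without ever reaching the firewall. The uplink names, VLAN IDs and vNIC entries below are constructed sample data standing in for what you would export from the FI configuration.

```python
"""Two-zone Fabric Interconnect VLAN separation check (constructed example).

Two findings are reported:
  1. a VLAN permitted on more than one uplink (would bridge the zones at L2), and
  2. a VLAN carried by server vNICs in more than one zone (FI switches it locally,
     so the firewall is bypassed even if the uplinks are clean).
"""
from typing import Dict, List, Set

# Constructed sample: VLANs allowed on each FI uplink (hypothetical IDs).
# VLAN 30 is deliberately present on both uplinks to show finding 1.
UPLINK_VLANS: Dict[str, Set[int]] = {
    "dc-agg": {10, 20, 30},
    "dmz-agg": {200, 210, 30},
}

# Constructed sample: server vNICs with the zone their cluster belongs to.
# dmz-02 deliberately carries internal VLAN 20 to show finding 2.
VNICS: List[dict] = [
    {"server": "int-01", "zone": "internal", "vlans": {10, 20}},
    {"server": "int-02", "zone": "internal", "vlans": {20, 30}},
    {"server": "dmz-01", "zone": "dmz", "vlans": {200}},
    {"server": "dmz-02", "zone": "dmz", "vlans": {200, 20}},
]


def overlapping_uplink_vlans(uplinks: Dict[str, Set[int]]) -> Set[int]:
    """VLANs permitted on two or more uplinks."""
    names = list(uplinks)
    overlap: Set[int] = set()
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            overlap |= uplinks[a] & uplinks[b]
    return overlap


def shared_server_vlans(vnics: List[dict]) -> Dict[int, Set[str]]:
    """VLANs whose vNICs span more than one zone, mapped to those zones."""
    zones_by_vlan: Dict[int, Set[str]] = {}
    for v in vnics:
        for vlan in v["vlans"]:
            zones_by_vlan.setdefault(vlan, set()).add(v["zone"])
    return {vlan: z for vlan, z in zones_by_vlan.items() if len(z) > 1}


def check(uplinks: Dict[str, Set[int]], vnics: List[dict]) -> List[str]:
    """Human-readable findings, sorted; an empty list means zones are separated."""
    findings = []
    for vlan in sorted(overlapping_uplink_vlans(uplinks)):
        where = sorted(n for n, vl in uplinks.items() if vlan in vl)
        findings.append(f"VLAN {vlan} permitted on multiple uplinks: {where}")
    for vlan, zones in sorted(shared_server_vlans(vnics).items()):
        findings.append(f"VLAN {vlan} carried by vNICs in zones: {sorted(zones)}")
    return findings


if __name__ == "__main__":
    for line in check(UPLINK_VLANS, VNICS) or ["OK: no cross-zone VLANs"]:
        print(line)
```

Run it against a real export by replacing the two sample tables; a clean result means the only internal-to-DMZ path is the routed one through the firewall, which is what the design above relies on.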