Cisco Hierarchical Design

m3zillam3zilla Member Posts: 172
I'm starting to get into the architectural side of things, and have been spending some time on the Cisco Design Zone, reading their guides. For the most part, everything makes sense, but I can't help but ask "Where are the firewalls?"

I've read through several guides, and it has your standard access/distribution/core layer interconnecting to your data center block, internet block, etc....but there's no firewall in sight! Where do you guys have your firewalls deployed?

Comments

  • sratakhinsratakhin Member Posts: 818
    Between the Internet and distribution layer.
  • m3zillam3zilla Member Posts: 172
    How big is your network? Is that your only firewall? We probably have 5 pairs of external facing firewalls, and 15-20 pairs of internal firewalls, separating the various environments.
  • SteveO86SteveO86 Member Posts: 1,423
    Once you get closer you'll see the firewall more.

    Check out some CCDP material. It's got Firewalls/IDS/IPS in the e-commerce layer, also in the aggregation layer of the datacenter, internet layer and so forth. The design zone should also have a section dedicated to security.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • networker050184networker050184 Mod Posts: 11,962 Mod
    m3zilla wrote: »
    How big is your network? Is that your only firewall? We probably have 5 pairs of external facing firewalls, and 15-20 pairs of internal firewalls, separating the various environments.

    Oh god I absolutely HATE working on these types of networks.
    An expert is a man who has made all the mistakes which can be made.
  • RoguetadhgRoguetadhg CompTIA A+, Network+. Member Posts: 2,489 ■■■■■■■■□□
    15-20 pairs of internal firewalls w/ 5 pairs of external-faring firewalls? Sweet Baby Santos!

    Any possible way to get a sanitized diagram of the network?
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • m3zillam3zilla Member Posts: 172
    I'll get something drawn up when I have some time, but we essentially have a pair of firewalls for each environment (QA, Performance Testing, Client Testing, etc) and firewalls for each Business Unit.
  • SteveO86SteveO86 Member Posts: 1,423
    I am looking into a design like that for our Dev environments but I am leaning toward a ASA Cluster with security contexts just so I don't have to deal with a dozen pair of ASAs. (that and cost)
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
Sign In or Register to comment.