Sysadmin turned everything guy here, so bear with me. We are currently set up as a collapsed core topology. We have a lone firewall sitting above the core that handles all inter-VLAN and edge routing (with long chains of firewall rules on it for all of it).
For example, any traffic originating in the Staff or Student VLANs, destined for the Management VLAN, passes up through the core, through the firewall (acting as gateway for every subnet on campus) and out into the destination VLAN, so long as it passed the chains.
We're adding a new building to the campus and will be moving to the traditional three-tier architecture as a result, keeping the core in our main datacenter and interconnecting it with distribution switches in each building. Should I keep the sole firewall handling all inter-VLAN firewalled routing? Or should I be setting up separate firewalls in each distribution layer somehow? My google-fu is failing me as to the best practices here. I'm assuming that if I went with separate firewalls, those would then serve as the new gateways for each building's access layer.