Thursday, November 22, 2018

How to connect to DMZ

Wondering how I could get a pair of DMZ L2-only switches in a pair of datacenters to work with a FW implementation. (Note: I don't have the DMZ switches; this is theoretical, as I am seeing how it would work before considering buying them.) I've put a scenario in the link below.

https://imgur.com/a/n2J1IDJ

I'm guessing the way you would put these in is just by physically connecting them at layer 2 to the top-of-rack switches. Would this be normal practice, or how else would you do it without connecting these DMZ switches to the core? I just need a link between the firewalls for the outside interface to connect to the edge firewall, so a VLAN between the two is just fine. I have a public subnet used for this VLAN, so my outside FW has an IP of X and the edge FW has an IP of Y in the same subnet. There is another interface on this FW that needs similar access.

It feels straightforward, but I'm trying to see if anyone implements these DMZ switches in a different way, or a better way for a larger scale of devices.


