Hi all
Hoping for some solution suggestions here...
We have a data centre environment connected to our internal user network via a 10G port between two Nexus 9Ks. Currently when a user is connected to our internal network they can access the Data Centre resources. Our goal is to only allow port 80 and 443 traffic from internal to DC and block everything else EXCEPT for 5 admin users who should be allowed to access all IP ports across the link. We've considered Cisco ISE with SGTs but it seems overkill for the scale of what we're trying to do and we don't want to change our whole authentication architecture. We can't base it on IP addresses because the 5 users need to be able to access DC resources when on wireless too, so static wired IPs isn't enough. Also considered sticky MAC address port-security, which would be fine if we didn't need to allow all users on ports 80 and 443. Ideally the control would be based on usernames but separate to Windows AD. Perhaps we could implement a small next-gen firewall to control the traffic? Any other ideas on how we can achieve this?
Thanks
No comments:
Post a Comment