I talked to a vendor today about my network requirements and they recommended not having a distribution layer and instead using a virtual chassis to connect all of the switches. Taking that design into consideration, here is a diagram I came up with. All of the network switches are EX3400s and the EX2300 will just be for out-of-band management. As far as a firewall goes, we are planning on going with a FortiGate 80E.
I can see the good things about it, such as it being easier to manage and cutting costs; however, I am concerned about there being potential security issues. All devices, including servers, workstations, laptops, employee BYOD devices, cameras, building automation systems, guest devices, etc., would be on one stack. I know Juniper has firewall filters, but would that and the edge firewall be enough to properly secure the network?
I would really appreciate feedback on my network design and suggestions on how to improve it. This isn't a huge network so I can see how it would make sense to go down this route, but I really want to make sure I am making the right decision.