Hello everyone -
I have a question on the best way to design this small network for optimal security and best practice.
We have a small network for our office. We have about 70 employees with plans to add 10 more this year, so not huge. We only have a couple of on-site servers for local stuff (AD, DNS, etc.).
We have a layer 3 switch as the core. I have our internal networks set up on the layer 3 core and then the core has a default route to the firewall.
We are going to have a separate guest network and a few other networks that I want to lock down with ACLs so I want to do that on our firewall, rather than doing it with ACLs on the switch.
The firewall has two ten gig interfaces, one to the LAN core and one to the WAN/internet core.
Here's my question: do I add the "secure" VLANs to the 10 gig uplink to the firewall that is used for transporting traffic from the core, or do I add a 2-port LAG or something from the core to the firewall so that I don't have layer 2 and layer 3 links on the same port?
We're using Extreme Networks switching; VLANs on every port is how their stuff works, so typically we've been sharing our fiber links for layer 3 transport of internal traffic and layer 2 secure links on the same fiber. But I feel like we probably shouldn't be doing that and should instead be using one link for one purpose.
Here's kind of a simplified diagram of what I am talking about: https://imgur.com/a/95g6sO2
We're also going to be separating our guest traffic into a separate VDOM in the firewall so that would go over the same links as the other secured networks, just a different VLAN.
Thanks in advance for your suggestions!