Hello all,
My corporate is planning to upgrade/buy firewalls for our network, but I'm very skeptical as to what to offer for our current network design.
Here's a small background. My corporate operates in 2 separate geographical locations (not too far, around 20-ish kilometers), and we recently made one of our locations our Disaster recovery site, Cold recovery, which made this site unused unless something happens to our Primary site.
My concern is, the way our network guys designed the network is that the users that are on our secondary site will need to go through a WAN connection to our primary site to access our data (which is normal, as the secondary site is just a disaster recovery site), but also when they need to access the Internet, they have to go through the same route, which in turn makes my Secondary Site ASA firewall useless until something happens to the Primary site.
Now we are planning to upgrade our security (our current ASAs are both 5520) to some of the deep inspection firewalls like Firepower or Palo Alto.
My suggestion was to keep our current ASA for basic Firewall/Routing, and get a new Firepower/PaloAlto for our Internal<>Outside, and possibly protect our DMZ as well.
Problem is, I'm not sure if that would work with our current design.
Take a look at a basic level of our network diagram I tried recreating in Visio. I would appreciate it if you could point me in the right direction, as I moved on from Networking a while ago, but now I have been tasked to find a solution for this as I'm the Information Security Officer.