Wednesday, April 22, 2020

Network Design Validation and Suggestions

I have to redesign a firewalled design and add an F5 and a DC firewall to the network.

I put together a fairly average network design in the link below, so we can talk about this.

https://imgur.com/a/0MraD7i

I just need to know the required traffic flow (direction: south-north or east-west) and pattern.

My assumptions and queries

- The core network would have a default route to the DC switches to get to the internet and servers. Access to servers would then be controlled by the DC firewall.

- The DC switches would have default routes to the DC firewall.

- I want to add the F5 for the internal network as well.

- I understand that traffic flowing in from the internet to the servers will hit the internet edge firewall, the firewall will DNAT the traffic to the F5 on virtual IPs, and the F5 will SNAT the traffic to the DC. The Palo Alto DC firewall would then control access to the servers.

- How will traffic from the internal network to servers in the DC flow if I add the same F5 in the network path?

What's the best practice here? I would appreciate any feedback and suggestions.


