At my company we are currently changing our firewall from the old ASA to the new FTD version of Cisco, and I wanted to follow best practices on the design.
Right now we have our DMZ the right way, but our server farm comes through the INSIDE network interface. I get that this is usually the right way, because you trust your INSIDE network, and traffic from INSIDE to Server Farm will not be filtered.
I wanted to separate SrvFarm from INSIDE, but I'm not sure if this is a good approach. One problem I think it will have is that I will need to create a lot of access rules from In to Srv.
Is this worth doing, or should I work more and try to "clean" my INSIDE network, trust it and leave it on the same interface?
Thanks!