I have a question about routing traffic through these devices. We are not corp 500, but we have enough locations (small locations) were we install riverbed devices and IDS/IPS devices. Our current setup is very basic (I think)...here is what it looks like.
ISP router----->firewall/router--->riverbed and/or IDS/IPS----->network switch---->a handful of VLANs
This works for us because most if not all of our VLANs are all we need to pass through these devices, however, every once in a while a request will come in to add a new network and instead of adding a VLAN on the existing switch and sending the traffic through the transparent devices, we have to assign the new network its own interface on the firewall/router. This is easily doable, but now the traffic doesn't make it through the riverbed and/or IDS/IPS devices. We do have security services on the firewall, which is better than nothing, but there is no WAN optimization and/or the same level of IDS/IPS that the appliance provides.
The question I have is, could this scenario be converted to fully routed and add the riverbed and/or IDS/IPS devices as a 'hop' so that traffic has to pass through those devices regardless if it is connected at the router, directly, or hanging off of the switch as a VLAN?
I realize that this is something that needs additional thought and discussion, I'm not asking to actually implement (at least, not at an existing location, possibly in a new location and/or if there is a big upgrade in the future), but instead, would like to discuss how others are doing this.
I am not the main networking person here, I'd say more junior, and the senior network admin doesn't have a good answer for me. I've asked, but the type of response I'm getting tells me that he isn't sure about setting it up another way.
To be clear, I'm not saying this setup is wrong, for our needs it works just fine, I'm just trying to learn a bit more about other ways it can be done.
Thanks.
No comments:
Post a Comment