We are planning to implement the Server Farm Firewalls with the following points in consideration:
- To secure and control the access from the user (access layer) to the server farm, such as IPS, access policies, AV
- East-West traffic inside the server farm, for stopping malware propagation for critical servers.
In addition to the above, we are also looking for a Web Application Firewall (F5, Imperva) for web servers in the DMZ.
The current design is a collapsed core. Server Farm access switches are directly connected to the core. The core does inter-VLAN routing and has a default route to a pair of Internet edge firewalls which terminate internet connections, VPN and DMZ.
I'm looking for a validated design to deploy the solution.
Which firewall would best fit the above requirements: Palo Alto, Fortinet, or FTD?