Hello, I am curious how granularly other engineers segment their networks.
My basic approach: internal and external infrastructure is separated like this:
Internal zones:
- DNS
- DHCP
- Active Directory
- AD FS
- app X front (if microsegmented, then integ and prod are microsegmented)
- app X back (database)
- management (OOB)
- net services (TACACS, RADIUS, syslog, etc.)
- monitoring
- load balancing
- wireless infra
- clients with EDR

External:
- DNS
- DHCP (for guests and so on)
- clients without EDR (e.g. guests)
- externally accessible apps frontend
- load balancing
- net services (RADIUS for guests)
I would like to read some feedback and some other approaches.