Hi all,
I'm in a position in my company where I'm having to redesign and implement new equipment within the DC. The reason is it's never been done properly and long overdue. I've just started at this company at the beginning of Jan. Here are some facts to take into consideration:
- Company has 1 DC (doesn't look like there will be any need to expand/stand up a new DC in the next 3 - 5 years)
- AWS instance which is used to segregate another application & data that company have (it was built in AWS just in case it was ever going to be sold off to make it easier)
- Company has 2 offices which are currently connected via Meraki 'SD-WAN' these then connect to the DC.
New network equipment looks like this:
2 x Internet Lines from separate ISP's
2 x Cisco 2130 Firepower's
2 x Nexus 5672
8 x 2208 Switches
I've drawn a diagram of how I see everything logically connecting to each other, but I just want to make sure I'm heading in the right direction.
I've got a few questions that I've tried to look up but can't really get a definitive answer:
Should the internet circuits be terminated directly on the firewall? I've read up that this is fine to do given NGFW's are a lot better than older firewalls
Given the size of the estate mentioned above, should I be using BGP? It allows for possible expansion in the future, currently, static routes are being used which I would like to get rid of
If yes to the above, where should the BGP be taking place? On the firewalls or on the Nexus'?
Thank you for taking the time to read through this, I've been in the field a while, but this is the first time I've been a 1 man band so to speak and I would really like to get this right.
No comments:
Post a Comment