Hi,
Currently where I'm at, we have essentially two businesses under one group where both can't talk to each other. We have access lists on a layer three switch, and most of the routing is also on there (Core switch in the diagram). The firewalls are WatchGuard M270s and Cisco switches. OSPF configuration and access lists are done on the switches too. We have some spare kit to play on too
Our current design looks like this
https://ibb.co/9rzr42X
The two firewalls in this diagram aren't in an HA pair, and company 1 isn't allowed to talk to company 2. Company 1 and Company 2 also must use separate ISPs. Not sure why, but apparently the vendors say so. I'm thinking of trying to remove complexity, and have the routing, including OSPF done entirely at the firewall level, removing the router out of the equation too, and simply VLAN'ng it off as if it was a router on a stick
Would the following diagram "work" theoretically?
Would it also be something that'd be good say if we buy up another company, or we get bought up ourselves ? I'm trying to see what's best long term for the group, and I'd rather get the design "down"
No comments:
Post a Comment