- Posts: 158
- Thank you received: 1
firewall placement
10 years 10 months ago - 10 years 10 months ago #38455
by skylimit
"...you are never too old to learn" anon
firewall placement was created by skylimit
Hi all, I've been doing a bit of study on firewalls lately (normally spend most time on routers & switches) and one of the things I'm yet grasp, is placement of a firewall on a network, by design if you link.
For instance, if you have a network based on the Cisco hierarchical model i.e. core, distribution, and access layers, where would you place the firewall?
Here's my understanding.
Access layer (L2 switches) - workstations, servers, etc..pretty simply
Distribution layer (L3 switches) - SVIs for intervlan routing, etc
Core layer (L3 switches) - connection to upstream service provider router, BGP, etc
Would it be possible to place the firewall in front of the core routers even when it doesn't 'quite' do stuff link BGP routing for instance or behind it? what is the most basic placement in such a hierarchical network? I've seen a lot of diagrams onthe web but they don't really show the firewalls
access<---->dist<--->core<--->asa firewall<---> internet/service provider
I don't know if my question makes sense
Any input, notes, links, etc from people experienced in this area will really help me
Thanks
For instance, if you have a network based on the Cisco hierarchical model i.e. core, distribution, and access layers, where would you place the firewall?
Here's my understanding.
Access layer (L2 switches) - workstations, servers, etc..pretty simply
Distribution layer (L3 switches) - SVIs for intervlan routing, etc
Core layer (L3 switches) - connection to upstream service provider router, BGP, etc
Would it be possible to place the firewall in front of the core routers even when it doesn't 'quite' do stuff link BGP routing for instance or behind it? what is the most basic placement in such a hierarchical network? I've seen a lot of diagrams onthe web but they don't really show the firewalls
access<---->dist<--->core<--->asa firewall<---> internet/service provider
I don't know if my question makes sense
Any input, notes, links, etc from people experienced in this area will really help me
Thanks
"...you are never too old to learn" anon
Last edit: 10 years 10 months ago by skylimit.
Time to create page: 0.107 seconds