[Config] Two Tier Firewall Configuration

We want to set up a data center network for core banking with all the application and database servers. For the same we are planning to design a two-tier firewall network architecture. First tier firewall (Cisco PIX in failover mode) will have web servers in DMZ as front end application servers. Second tier firewall (PIX firewall in failover mode) will have the application and database servers in DMZ as back end servers. Flow of data will be such that any user logging in from the internet will access web servers at the first level, get authenticated, and web servers will in turn talk to the internal application servers for any data request.

Is the above design OK? Please find attached topology diagram. Also provide me with the sample PIX config for the above two-tier firewall architecture implementation of application and database servers.

Regards
Hi,

IP scheme is as listed below.

LAN IP = 192.168.1.0/24 - 192.168.24.0/24
Internet Firewall DMZ Network (Tier-1) = 192.168.252.0/28
Internet Firewall Internal Network (Tier-1) = 192.168.252.16/28
Intranet Firewall External Network (Tier-2) = 192.168.252.16/28
Intranet Firewall DMZ Network (Tier-2) = 192.168.252.32.0/28
PIX Firewall Internal Network (Tier-2) = 192.168.252.48.0/28
TomS_ (Ireland), in reply to fmatrine:

Your last two posts are very homework-ish. Have you made ANY attempt to configure these setups yourself?
Also, post the topology as an image, not a powerpoint presentation. Not everyone here has powerpoint, let alone Windows installed on their computer.
You also mention this is for a bank type scenario. Do you actually work for a bank, or are these hypothetical situations?
If you do work for a bank, I suggest you go and take some courses and learn the workings of Cisco because we aren't here to do your work for you. I don't think anyone here would like to be liable if someone manages to break through your firewalls either.
If this is just a hypothetical situation, I would suggest trying to configure the scenario yourself, and if you have difficulties you can ask us for help.
You won't learn anything this way, except how to become more dependent on other people.
I stand by my remarks in your Callmanager topic too.
wyked (Cibolo, TX):

I agree wholeheartedly with sector_ on this. Two separate posts with no real information on what you yourself have tried. In my opinion give it a go yourself and let us know where you run into issues.
I will add some GENERAL comments/questions regarding the layout of the network however as I do have powerpoint and was able to open it....
1. I would segment off your internal clients from the servers as well by hanging them off of another port on the inside firewall.
2. I would put an IDS sensor in your public DMZ and possibly another on the link between the 2 firewalls.
3. What type of bandwidth to the internet will you be dealing with? (is the 2811 sufficient for this bandwidth?)
4. Will you have redundant internet links (as everything else I am seeing appears to be for a fully redundant solution)?
-A -- What is a Juggalo? I don't know, but I'm down with the clown and down for life yo!
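An added sample policy for the two firewalls, written by the editor in PIX 6.3 syntax and not taken from the thread or from Cisco, showing the tiered flow the original post describes with the posted IP scheme. It assumes the Tier-2 DMZ and inside subnets are 192.168.252.32/28 and 192.168.252.48/28 (the scheme above lists both with an extra octet), placeholder public addresses from 203.0.113.0/29, host .10 for the web server, .40 for the application server published as .20 on the inter-firewall link, and an assumed application port of 8080; failover, LAN routing, LAN-to-internet NAT and syslog destinations are left out, and lines beginning with `!` are explanatory comments.

```cisco
! Tier-1 (Internet) PIX: outside = Internet, dmz = web tier, inside = link to Tier-2
nameif ethernet0 outside security0
nameif ethernet1 dmz security50
nameif ethernet2 inside security100
ip address outside 203.0.113.2 255.255.255.248
ip address dmz 192.168.252.1 255.255.255.240
ip address inside 192.168.252.17 255.255.255.240
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
! Publish the web server on a placeholder public address
static (dmz,outside) 203.0.113.3 192.168.252.10 netmask 255.255.255.255
access-list outside_in remark Internet reaches only the web server, only over HTTPS
access-list outside_in permit tcp any host 203.0.113.3 eq https
access-list outside_in deny ip any any log
access-group outside_in in interface outside
! The web tier may open only the application port towards Tier-2's published app
! address; everything else (including outbound to the Internet) is denied and logged
static (inside,dmz) 192.168.252.20 192.168.252.20 netmask 255.255.255.255
access-list dmz_in remark web tier -> application tier on the application port only
access-list dmz_in permit tcp host 192.168.252.10 host 192.168.252.20 eq 8080
access-list dmz_in deny ip any any log
access-group dmz_in in interface dmz
!
! Tier-2 (Intranet) PIX: outside = link to Tier-1, dmz = app/db tier, inside = LAN
nameif ethernet0 outside security0
nameif ethernet1 dmz security50
nameif ethernet2 inside security100
ip address outside 192.168.252.18 255.255.255.240
ip address dmz 192.168.252.33 255.255.255.240
ip address inside 192.168.252.49 255.255.255.240
route outside 0.0.0.0 0.0.0.0 192.168.252.17 1
! Publish the application server to the web tier only, on the inter-firewall link
static (dmz,outside) 192.168.252.20 192.168.252.40 netmask 255.255.255.255
access-list outside_in remark only the web server, only the application port
access-list outside_in permit tcp host 192.168.252.10 host 192.168.252.20 eq 8080
access-list outside_in deny ip any any log
access-group outside_in in interface outside
! Application and database servers must not initiate sessions outwards or into the LAN
access-list dmz_in deny ip any any log
access-group dmz_in in interface dmz
```

Because the application and database servers share one DMZ in the posted design, the Tier-2 PIX never sees application-to-database traffic, so wyked's point about segmenting with another firewall port applies to the database servers as much as to the internal clients.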