Firewall Design/Topology Internal/External



  • So,
    I wanted to show a picture of my proposed new design/topology for the firewall layout. I have users connected to a bunch of 2960S switches, which are then connected to a 3750x. The Internal Firewalls are connected to the 3750x, and the External Firewalls (while they have the ability to connect to the 3750x) are connected to the Internal Firewalls.

    Does this setup seem to be an ok design?
    Has anyone set up something similar?
    Would the VIPs in this case create any possible issues?

    Thanks,
    0_1548176158802_Firewall-Proposal-Int-Ext.JPG



  • While you may have issues with double NAT, this is the standard layout of a CARP HA configuration.

    https://www.netgate.com/docs/pfsense/highavailability/configuring-high-availability.html



  • @kom Thank you. Actually, that's exactly what we had. But we have to separate the firewalls, with DMZs being set up on the External Firewalls, and the Internal Firewalls would have only the internal networks.
    Just wanted to see if this setup would create any other issues (besides the double NAT that you mentioned).

    Thanks,

