Solved

Best network configuration

Posted on 2006-11-19
Last Modified: 2010-05-18
I would like to get advice from the experts regarding how I should set up my network.

We have 500 desktops running XP.  15 servers running Server 2003, one Exchange server running Exchange 2003 and FTP, one applications server, one data server, one cell phone server.  1 Barracuda firewall. 25 switches connecting to a core switch.  One PIX firewall and then a 10 Mbps optiman circuit for our internet connection.  No routers.

We also have a wireless network with approximately 15 wireless switches and 100 wireless access points.

We also have two other locations connecting to the main location using a point to point.  They share services from the main location.

I would like to create a secure network that is reliable.
0
Question by:darovitz
9 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17976817
You haven't mentioned DCs in there

                Pix - - - - - - - - - - - - - - - Pix (Point to Point)
                 |
          Barracuda (spam)
                 |
                 |
               Switch
     |           |           |
 Server/DC   Server/DC   Exchange


You can see where all the other servers would sit; there isn't much to the setup. PIX is the first point of security, Barracuda handles Exchange spam for all sites (assuming only one Exchange box serves the sites). PIX controls secure VPN tunnels and everything else sits behind the PIX firewall.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 17976923
The only thing I suggest is to get a router or do vlans in a layer3 switching environment and move all your servers into their own subnet/vlan. That'll give you a means of controlling the traffic hitting the servers.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17976972
or depending on the barracuda model you could DMZ it (I think - not sure on the barracuda)
0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17977613
Please determine 'Secure'. Are you just viewing this from the point of perimeter security, i.e. the points where the trusted networks interface with the untrusted networks such as the Internet?
Are you also looking at internal security, i.e. protecting against people plugging in devices internally when they shouldn't etc.?

What are the parameters to your question?

Thanks
Keith
0
 

Author Comment

by:darovitz
ID: 17977623
2 DCs and an SAP server. No one caught the FTP problem???
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17978324
I see no FTP problem :) we just configure it, but Keith is the expert here, listen to what he has to say
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 17978664
Sorry if I am being pedantic but a couple of other questions arise. If you have multiple sites using point-to-point connections, how are these connections established if you do not have any routers? Are the routers supplied and maintained by the WAN provider?

I'll make the assumption that you wish to make a fully secured perimeter rather than looking at the full security of the networks overall. I'll also make the assumption that in respect to wireless connections, these are already locked down to MAC address control or an alternative security practice.

You make no mention of how the remote offices gain access to the Internet. Is this one of the services that they share or do they have their own access point to the Internet? If they have their own, are you looking to make these equally secure?

Do you have an IT Security Policy that you are looking to enforce or do you just want the standard, most-often-applied approach? I am unclear on what the FTP issue is either. Do you see it as an issue that the FTP service is also running on the Exchange server?

Set the brief and we'll try to assist.

0
 

Author Comment

by:darovitz
ID: 17985302
Ok.. Good questions.

I would like a fully secured perimeter AND full security of the network.  Routers in both remote locations are maintained by the WAN provider.

Wireless is not locked down to MAC addresses.

The remote offices access the Internet through the main location via the point to point.

There is no IT security policy (or I would follow it :) ).  I would be creating a security policy by implementing some actual security on this network.  With that I would like to enforce a most often applied approach.

Yes, the FTP issue is that FTP is on the Exchange server using the 2nd NIC IP address, with external IP translated to IP via PIX.

My thinking:  Upgrade PIX to ASA firewall, actually two of them for redundancy.  Then put a router in (instead of routing via the PIX)... then set up some DMZs to segregate segments.... then VLANs.  Also set up an IP scheme such as wireless is on 10.x.x.x... corporate is on 172.x.x.x  remote locations are on 192.168.2.x.

0
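
An added example, not part of the original thread: a Python check of an addressing plan along the lines the author sketches above (wireless, corporate, server, DMZ and remote segments). The prefixes, zone names and allowed ports are assumptions constructed for illustration; the code verifies that each prefix lies inside RFC 1918 space (of 172.x.x.x only 172.16.0.0/12 is private), that no two zones overlap, and evaluates a default-deny zone-to-zone policy.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan; zone names and prefixes are assumptions, not from the thread.
PLAN = {
    "wireless":  "10.10.0.0/16",
    "corporate": "172.16.0.0/20",
    "servers":   "172.16.16.0/24",
    "dmz_ftp":   "172.16.32.0/28",
    "remote_a":  "192.168.2.0/25",
    "remote_b":  "192.168.2.128/25",
}

# Default-deny matrix: (source zone, destination zone) -> allowed TCP ports.
# The port choices are illustrative assumptions.
POLICY = {
    ("corporate", "servers"): {443, 445},
    ("remote_a", "servers"): {443, 445},
    ("remote_b", "servers"): {443, 445},
    ("wireless", "servers"): {443},
    ("corporate", "dmz_ftp"): {21},
}

def check_plan(plan):
    """Return a list of problems: non-RFC 1918 prefixes and overlapping zones."""
    nets = {zone: ipaddress.ip_network(cidr) for zone, cidr in plan.items()}
    problems = []
    for zone, net in nets.items():
        if not any(net.subnet_of(private) for private in RFC1918):
            problems.append(f"{zone}: {net} is not inside RFC 1918 space")
    for (za, na), (zb, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{za} {na} overlaps {zb} {nb}")
    return problems

def zone_of(ip, plan=PLAN):
    """Map an address to its zone, or None if it belongs to no planned segment."""
    addr = ipaddress.ip_address(ip)
    for zone, cidr in plan.items():
        if addr in ipaddress.ip_network(cidr):
            return zone
    return None

def allowed(src_ip, dst_ip, port, plan=PLAN, policy=POLICY):
    """Default deny between zones; unknown addresses are always denied."""
    src, dst = zone_of(src_ip, plan), zone_of(dst_ip, plan)
    if src is None or dst is None:
        return False
    if src == dst:
        return True  # same-VLAN traffic is switched and never crosses the filter
    return port in policy.get((src, dst), set())
```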
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18287511
Thanks :)
0
