• Status: Solved

Network Switch and Router Layout

Hello Everyone-

I'm a one-man IT department for my company and I have a few questions about a network layout. Currently, we have a Cisco PIX as our firewall, which is also doing VLAN routing to our VoIP VLAN. My question is, should I set up an internal router such as Vyatta and let it do the routing, or is the PIX sufficient? I'm not having any problems with it at the moment, but I was considering implementing an Untangle box (www.untangle.com) and it doesn't pass VLAN traffic. So, to use it I have to change my current setup and let an internal router route VLAN requests before passing traffic on to the Untangle box. Here is a diagram of my current setup, and what I think I should do for my network. All in all, the most important question is, what will give me the best performance?

My current setup:

Outside router / internet -> PIX -> ProCurve 1800-24G (GB backbone) -> HP procurve 2626 and 2650 PWR switches (3) -> rest of LAN

What I'm thinking of doing:

Outside router / internet -> PIX -> Vyatta (or other recommended LAN router) -> ProCurve 1800-24G -> HP procurve 2626 and 2650 PWR switches (3) -> rest of LAN

I would consider the untangle as the main firewall, but I have 3 remote sites that also have PIX's and site-to-site ipsec vpns (which untangle doesn't currently do).  And yes, I realize there are other UTM's, but the price of untangle is what I'm after.

Bottom line is, do I need an internal router for best performance of network, or are they really only needed when you need to segment your internal network?  I know that the procurves will do layer 3 routing, as I have implemented that in the past, but I seem to be getting better performance from the PIX.

I know this is a bit winded, but I'm just trying to get some insight. Thanks for your help in advance.

2 Solutions

The only reason I'd add another router is for segmenting of the internal network. It seems in your case that another router will just be a bottleneck.
Don't waste your time implementing another router; if you need to segment the internal network, do it on the L3 switch.
drspero (Author) commented:
Not exactly insightful...I guess when you already know the answer, you shouldn't bother looking for more.  Points divvied up regardless.  Thanks.
