I'm a one-man IT department for my company and I have a few questions about a network layout. Currently, we have a Cisco PIX as our firewall, which is also doing VLAN routing to our VoIP VLAN. My question is, should I set up an internal router such as Vyatta and let it do the routing, or is the PIX sufficient? I'm not having any problems with it at the moment, but I was considering implementing an Untangle box (www.untangle.com) and it doesn't pass VLAN traffic. So, to use it I have to change my current setup and let an internal router route VLAN requests before passing traffic on to the Untangle box. Here is a diagram of my current setup, and what I think I should do for my network. All in all, the most important question is, what will give me the best performance?
My current setup:
Outside router / internet -> PIX -> ProCurve 1800-24G (GB backbone) -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN
What I'm thinking of doing:
Outside router / internet -> PIX -> Vyatta (or other recommended LAN router) -> ProCurve 1800-24G -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN
I would consider the Untangle as the main firewall, but I have 3 remote sites that also have PIXes and site-to-site IPsec VPNs (which Untangle doesn't currently do). And yes, I realize there are other UTMs, but the price of Untangle is what I'm after.
Bottom line is, do I need an internal router for best performance of the network, or are they really only needed when you need to segment your internal network? I know that the ProCurves will do layer 3 routing, as I have implemented that in the past, but I seem to be getting better performance from the PIX.
I know this is a bit long-winded, but I'm just trying to get some insight. Thanks for your help in advance.