
Network Switch and Router Layout

Hello Everyone-

I'm a one-man IT department for my company and I have a few questions about a network layout.  Currently, we have a Cisco PIX as our firewall, which is also doing VLAN routing to our VoIP VLAN.  My question is, should I set up an internal router such as Vyatta and let it do the routing, or is the PIX sufficient?  I'm not having any problems with it at the moment, but I was considering implementing an Untangle box (www.untangle.com) and it doesn't pass VLAN traffic.  So, to use it I have to change my current setup and let an internal router route VLAN requests before passing traffic on to the Untangle box.  Here is a diagram of my current setup, and what I think I should do for my network.  All in all, the most important question is, what will give me the best performance?

My current setup:

Outside router / internet -> PIX -> ProCurve 1800-24G (GB backbone) -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN

What I'm thinking of doing:

Outside router / internet -> PIX -> Vyatta (or other recommended LAN router) -> ProCurve 1800-24G -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN

I would consider Untangle as the main firewall, but I have 3 remote sites that also have PIXes and site-to-site IPsec VPNs (which Untangle doesn't currently do).  And yes, I realize there are other UTMs, but the price of Untangle is what I'm after.

Bottom line is, do I need an internal router for best performance of the network, or are they really only needed when you need to segment your internal network?  I know that the ProCurves will do layer 3 routing, as I have implemented that in the past, but I seem to be getting better performance from the PIX.

I know this is a bit long-winded, but I'm just trying to get some insight.  Thanks for your help in advance.

2 Solutions

The only reason I'd add another router is for segmenting of the internal network.  It seems in your case that another router will just be a bottleneck.

Don't waste your time implementing another router. If you need to segment the internal network, do it on the L3 switch.
drspero (Author) commented:
Not exactly insightful... I guess when you already know the answer, you shouldn't bother looking for more.  Points divvied up regardless.  Thanks.
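To make the second answer concrete, this is roughly what moving inter-VLAN routing off the PIX and onto a ProCurve L3 switch looks like. It is an added example, not configuration posted by anyone in the thread, and every value in it is an assumption chosen for illustration: data on VLAN 1 (192.168.1.0/24, switch at 192.168.1.2, PIX inside interface at 192.168.1.1), voice on VLAN 10 (10.10.10.0/24, switch at 10.10.10.1), phones and PCs on ports 1-24. The command syntax is the ProCurve 2600-series CLI as the editor recalls it; check it against the manual for your firmware.

```text
; ProCurve 2626/2650 (assumed syntax, illustrative addresses)
; Enabling routing makes the switch the default gateway for both VLANs, so
; voice<->data traffic is switched/routed locally and never touches the PIX.
ip routing

vlan 1
   name "DATA"
   ip address 192.168.1.2 255.255.255.0
   untagged 1-24
   exit

vlan 10
   name "VOICE"
   ip address 10.10.10.1 255.255.255.0
   tagged 1-24
   voice
   exit

; Anything not local (Internet, the site-to-site VPNs) goes to the PIX.
ip route 0.0.0.0 0.0.0.0 192.168.1.1
```

Two things to check before cutting over. First, the PIX no longer has a leg in the voice VLAN, so it needs a return route for that subnet pointing at the switch (on a PIX that is `route inside 10.10.10.0 255.255.255.0 192.168.1.2 1`, again with the assumed addresses); without it, replies to 10.10.10.0/24 follow the PIX default route out and the phones lose Internet/VPN reachability. `show ip route` on the switch and `show route` on the PIX confirm both sides agree. Second, the security trade-off the answers leave unstated: once the switch routes between VLANs, the firewall never sees voice-to-data traffic, so any separation you were getting from PIX interface security levels or access lists between those VLANs is gone unless you re-create it on the switch or keep that one path hairpinning through the PIX.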