Solved

Firewall Segments design.

Posted on 2011-02-19
Last Modified: 2012-05-11
Hi
I have a new firewall and I need the best practice or the best design for its zones, based on the following requirements:

- I have public servers that will be used from outside.
- I have my own servers that serve my organization.
- I have our staff or employees and guests' PCs.
What is the best design for such zones?

Cheers
Question by:besmile4ever
2 Comments

Accepted Solution

by: kdearing (earned 500 total points)
ID: 34933416
A standard design would be:

- Public servers on the DMZ network
- Organization servers and PCs on the internal network

Guests should be on a separate network or VLAN, allowed access to the internet and not allowed access to the internal network.
This can be done several ways:

- Create a second DMZ for the guest network
- Configure router/firewall rules to isolate the guest network
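The layout in the accepted answer, modelled as a vendor-neutral zone policy and checked against sample flows (an added example, not part of the original thread). The zone names, subnets, ports and both rule lists are assumptions chosen for illustration; `FLAT` is a weak variant in which one broad rule treats guests like staff.

```python
import ipaddress

# Constructed addressing plan and zone names (assumptions, not from the thread).
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),     # organization servers and PCs
    "dmz":      ipaddress.ip_network("172.16.10.0/24"),   # public servers
    "guest":    ipaddress.ip_network("192.168.50.0/24"),  # guest network or VLAN
}

# (src zone, dst zone, protocol, port or None for any, action); first match wins, no match = deny.
SEGMENTED = [
    ("internet", "dmz",      "tcp", 443,  "allow"),  # outside users reach public servers
    ("internal", "dmz",      "tcp", 443,  "allow"),
    ("internal", "internet", "any", None, "allow"),
    ("guest",    "internal", "any", None, "deny"),   # explicit isolation of guests
    ("guest",    "internet", "any", None, "allow"),
]
# Weak variant: every guest rule replaced by a single allow-to-anywhere rule.
FLAT = [r for r in SEGMENTED if r[0] != "guest"] + [("guest", "any", "any", None, "allow")]

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

def decide(rules, src, dst, proto, port):
    """Evaluate one flow against the ordered rule list."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_proto, r_port, action in rules:
        if (r_src == src_zone and r_dst in ("any", dst_zone)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action
    return "deny"

# Constructed probe flows: (description, src, dst, proto, port, expected action).
PROBES = [
    ("outside user to public web server", "203.0.113.7",  "172.16.10.20", "tcp", 443, "allow"),
    ("outside user to internal server",   "203.0.113.7",  "10.10.1.5",    "tcp", 445, "deny"),
    ("guest PC to internal file server",  "192.168.50.9", "10.10.1.5",    "tcp", 445, "deny"),
    ("guest PC to internet site",         "192.168.50.9", "198.51.100.4", "tcp", 443, "allow"),
]

def audit(rules):
    """Return descriptions of probes whose decision differs from the design."""
    return [d for d, s, t, pr, po, want in PROBES if decide(rules, s, t, pr, po) != want]

if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED), ("flat", FLAT)):
        print(name, "violations:", audit(rules) or "none")
```
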
 

Author Closing Comment

by:besmile4ever
ID: 34958407
Thanks.