Network Design Review

Posted on 2011-10-03
Last Modified: 2012-08-13
Experts, I need your expert opinion on our network design.

Our main focus is on High Availability.

We want to know what more hardware can be added, in contrast to SECURITY.

Question by: osloboy

Expert Comment by: Ernie Beek (LVL 35)
    Well, IMHO this is looking very good already :)
    One thing perhaps: what exactly is that WAN zone?
    Accepted Solution by: harbor235 (LVL 32)

    Your drawing has most zones connected to one switch, is that correct?
    Is there a separate switch for the DMZ, or is it the same switch logically separated?

    Is there no IDS/IDP functionality inside of the firewalls? I would use basic firewall IDS/IDP on the external and DMZ interfaces and use the full-blown IDS/IDP on the interior networks; you already know there is bad stuff happening on the outside, so let your firewalls do some work.

    How are the zones connected to the infrastructure, are there additional layer 2 devices?

    Are your distribution switches layer 2 or layer 3? Your Visio symbol indicates layer 3; where are the layer 3 interfaces for each zone?

    There are many ways to secure this environment: 802.1x, port security, DHCP snooping, IP source guard, smart IP addressing and filtering, secure trunking practices, anti-spoofing filters; the list is long.

    My questions would be:
    Why are the zones connected to a single switch?
    Why are the internal server farms connected to the access switch?
    What are your security policies between zones?
    How is your address space advertised? Do you have routers at the edge?

    There really is a lot you could do.

    harbor235 ;}

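The layer 2 and anti-spoofing controls harbor235 lists, shown as an added Cisco IOS configuration example that is not part of the thread or of osloboy's design. VLAN 20, the interface names GigabitEthernet1/0/1-24 and 1/0/48, native VLAN 999 and the 192.0.2.0/24 prefix are assumptions standing in for one internal zone's access ports, its uplink and its address block.

```cisco
! Added example, not from the thread. One access-switch profile applying the
! layer 2 controls harbor235 lists. VLAN 20, Gi1/0/1-24, Gi1/0/48 and
! 192.0.2.0/24 are assumed values for one internal zone.
!
! DHCP snooping: only the trusted uplink may carry DHCP server replies,
! so a rogue DHCP server plugged into an access port is dropped.
ip dhcp snooping
ip dhcp snooping vlan 20
! Dynamic ARP inspection checks ARP against the snooping binding table.
ip arp inspection vlan 20
!
interface range GigabitEthernet1/0/1 - 24
 description internal zone access ports (assumed)
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 ! port security: one learned MAC per port, a violation shuts the port and logs
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 ! IP source guard: drop frames whose source IP/MAC is not in the binding table
 ip verify source port-security
 ! cap DHCP requests per second so one host cannot flood the snooping table
 ip dhcp snooping limit rate 15
 ! end hosts never send BPDUs; shut the port if one appears
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
 description uplink to distribution switch (assumed)
 ! secure trunking: no DTP negotiation, explicit VLAN list, unused native VLAN
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20
 switchport nonegotiate
 ! the uplink is the only place DHCP replies and ARP are trusted
 ip dhcp snooping trust
 ip arp inspection trust
!
! Anti-spoofing on the zone's layer 3 interface (wherever the L3 boundary
! sits): inbound packets must carry a source address from the zone's own prefix.
ip access-list extended ZONE20-ANTISPOOF-IN
 permit ip 192.0.2.0 0.0.0.255 any
 deny ip any any log
interface Vlan20
 ip access-group ZONE20-ANTISPOOF-IN in
```

The same profile is repeated per zone VLAN, with the zone's own prefix in the ACL; the trust and ARP-inspection settings go only on the uplinks, never on ports facing end hosts.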


    Author Comment

    erniebeek: the WAN ZONE is for Remote Branch connectivity.


    Why are the zones connected to a single switch? It's not a single switch; there are two and they are redundant.

    Why are the internal server farms connected to the access switch? To keep internal traffic separate from INTERNET and outside traffic.

    What are your security policies between zones? There is none right now; please suggest any good READINGs.

    How is your address space advertised? Do you have routers at the edge? Not clear what your point is; the only routers are @ INTERNET LINKS and WAN LINKS.


    Author Closing Comment

    Horrible response time; experts on vacation.
