• Status: Solved

2-tier Firewall network diagram

Hi expert,

I have a network with a 2-tier firewall that consists of two different types. I am trying to understand how the data traffic flows for the first and second tier firewalls: how the internal user data flows, and how outside traffic flows into the DMZ and the internal side.

Based on the attached network diagram, I have both WLAN and DMZ data flow at the DMZ zone. And I have the user VLAN and the App & DB VLAN both at Corporate Core and DC Core.

I have limited knowledge as to how to translate the network diagram and figure out the data traffic flow from outside to inside, and vice versa. I am especially confused about how the 2-tier firewall functions with data traversing it.

Besides, can I assume the inter-VLAN routing will traverse the 2-tier firewall?

I appreciate your expert advice. Thanks
1 Solution
The diagram does not show which devices are performing intra-vlan routing or serving as the VLAN root of your network.  You'd have to check the configuration of the different firewalls.
Keith Alabaster Commented:
Please ask a question - as I don't see one so far - and we will try and answer it.
btan (Exec Consultant) Commented:
The person who created the diagram would have supplied the different IP addresses, as by itself it can have a lot of interpretations. The two tiers demarcate the DMZ, and it seems that the WLAN is also within the same zone. The DMZ switch (trunked) allows MAC traffic if I am not wrong (it may even be Cisco OTV, extending MAC addressing across the two routes). For the user VLAN, I was expecting another switch below the core switch, likewise for the appl/db VLAN. It may appear that these VLANs are sited in different sites, but the ASA will check before granting flow between these VLANs. The question is also where the admin mgmt VLAN is .... there needs to be more info
maxim168 (Author) Commented:
Thanks, I am just waiting for some feedback on the attached network diagram.
I just need to know how the 2nd tier firewall, which is an ASA 5500, does the routing as compared to the 1st tier firewall, a non-Cisco device.
