Two network security devices and their addressing
Posted on 2014-04-09
I am trying to replace an old web filter with a new one. The old one was non-transparent and was simply hanging off of a port on the core switch. I now have a Smoothwall (for web filtering only) that has been temporarily installed as a direct, non-transparent replacement for the old device. I want the Smoothwall to be reconfigured as a transparent web filter. I understand that we need to bring at least one other of its interfaces into use and then route our external traffic through the Smoothwall.
The problem is that for a school we have quite a complex network, and we're expected to be jacks of all trades. I'm struggling to design how this should fit in with our existing network. I THINK our network currently operates as described below.
Our core switch is a ProCurve 8212ZL with IP routing enabled. We have many subnets, each on its VLAN. The client devices on the subnets use gateway addresses within the core switch. We also have a Cisco ASA 5510 that is the gateway the core switch uses. This is on a distinct subnet from anything described so far.
The ASA has NAT and static routes implemented. Traffic enters the ASA on an interface called ASA2Core and leaves it via its Outside interface on yet another subnet. It then passes back through the core switch and out to our service provider's ASA 5510.
So a typical outbound message, ignoring the web filter for now, arrives on subnet x, is routed to the ASA on subnet y, then escapes the building on subnet z having passed through the core switch a second time.
My question(s): How would I integrate the Smoothwall into this? And the second transit of the core switch looks odd to me - am I right?