  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384

Network Design HELP

My Work Network

This is more of a call for someone to analyze this network and tell me if we can do anything better.

Please see attached network diagram for reference to below questions.

We currently have a 5/5 bonded T1 connection from our ISP and are being upgraded to a 20/20 Fiber connection.  Right now we have 2 IPs but they only gave us 1 drop from their equipment, so we put a switch in front of our Sonicwall 2400 (DG) and assigned 2 WAN interfaces to the 2 different IPs.  My boss wasn't sure if we needed 2 IPs anymore because we no longer have heavy VPN traffic coming in.

We have Bandwidth management set up on 1 of the IPs on the Sonicwall to give priority to those users and/or hosts that need it.  We just added them as Address Objects and route them out the second WAN interface, then allocate a bigger chunk of the bandwidth to them.

We have a L3 Adtran Netvanta 1500 routing between our Voice and Data VLANs with 1 cable per phone and computer.  I'm not sure I have COS set up on the switch so I may need to do that for the voice VLAN?

On the L2 Switch we have a server, NAS, and misc. like IP Cameras, Copiers, etc.

We have 1 SonicPoint AP coming off an Interface on the Sonicwall.

All in all we have a SERVER + NAS + VOIP system + 30 users + 30 phones + 2 IP Cameras + 5 Network Printers + AP with another 30 devices = 80-100 devices on the network at any given time.  This is broken up into 2 VLANs and 3 subnets.
0
Asked by: Vontech615
2 Solutions
 
Tim Phillips Commented:
Looking good to me.  By COS do you mean QoS?  If possible, you should enable QoS on the router and the switch to prioritize VoIP traffic over data.  Also, if you aren't using the second IP then I would disconnect it (fewer holes in your firewall).
0
 
Faruk Onder Yerli (Owner) Commented:
Hi;

Let's analyze the LAN first. You are using an L3 switch to connect the server (DMZ) switch, but an L3 switch just gives you a routing function. There will not be security between the LAN and the DMZ. Normally the DMZ is also directly connected to the firewall, if the firewall has enough routing capacity. Copiers and printers are access devices. They will never be on the same network as the servers. They can be on the same network as the computers, even if you are sharing them through the server.

About the WAN side: Sonicwall supports different IP blocks on the same interface. You can define both networks on the same interface and remove the WAN-side switch from your network.

About the WLAN: you didn't define anything here. You have to separate the WLAN SSIDs into DATA, VOICE and GUEST. The VOICE WLAN should be hidden and use MAC address filtering for additional security. The guest WLAN will be isolated from the LAN-WLAN and DMZ networks. The DATA network could use a different IP range to increase L2 LAN efficiency.
0
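The segmentation point in the answer above (an L3 switch routes between segments but does not filter) can be checked mechanically. This is an added example, not part of the original thread: the topology, segment names and the helper functions are constructed assumptions, since the attached diagram is not on the page. It lists every pair of segments that can reach each other without crossing a policy-enforcing device.

```python
from collections import deque
from itertools import combinations

# Constructed topology (assumption). Each routing device lists the segments
# it joins and whether it enforces a filtering policy between them.
ROUTERS = {
    "l3-switch": {"filters": False, "segments": {"data", "voice", "servers"}},
    "firewall":  {"filters": True,  "segments": {"data", "wlan", "wan"}},
}

def unfiltered_pairs(routers):
    """Segment pairs reachable from each other without crossing a filtering device."""
    adj = {}
    for r in routers.values():
        for s in r["segments"]:
            adj.setdefault(s, set())
        if not r["filters"]:
            # A non-filtering router links all of its segments directly.
            for a, b in combinations(r["segments"], 2):
                adj[a].add(b)
                adj[b].add(a)
    pairs = set()
    for start in adj:
        # BFS over unfiltered links only, so chains of plain routers are followed.
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in adj[queue.popleft()] - seen:
                seen.add(nxt)
                queue.append(nxt)
        pairs |= {tuple(sorted((start, s))) for s in seen if s != start}
    return sorted(pairs)

def after_move(routers, segment, src, dst):
    """Copy of the topology with `segment` re-homed from router src to router dst."""
    new = {n: {"filters": r["filters"], "segments": set(r["segments"])}
           for n, r in routers.items()}
    new[src]["segments"].discard(segment)
    new[dst]["segments"].add(segment)
    return new

if __name__ == "__main__":
    print("before:", unfiltered_pairs(ROUTERS))
    print("after: ", unfiltered_pairs(after_move(ROUTERS, "servers", "l3-switch", "firewall")))
```

Re-homing the server segment onto a firewall interface leaves only the data/voice pair unfiltered; hosts that share one segment (for example copiers and servers on the same L2 switch) are outside what this check models.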
 
Vontech615 (Author) Commented:
Thanks for your reply!  I can utilize this info in the future.

This is a small network but we use the L3 switch to route between our Voice and Data VLANs.  We don't have a DMZ server or DMZ device of any kind on our network.  The Windows server does DHCP, DNS for only the Data VLAN.

The reason we had the switch in front of the Sonicwall to begin with was because we wanted bandwidth management options on the 2 different interfaces.  With the new faster internet service coming we may do away with this altogether.  I haven't looked into putting 2 different IP Blocks on the same WAN interface but I'm assuming NAT/Firewall would have to handle it because I don't see this option under Interface settings?

If we decide to continue doing Bandwidth management I'll either have to continue using the switch or figure out another method of controlling who gets what (maybe another VLAN to split up current DATA VLAN?)  Any thoughts on this?

The WLAN currently is another subnet (192.168.X.X) on the DATA VLAN but this is usually a maximum of 15-30 users at any time but mostly not a lot of traffic.  We don't currently have any guest wifi because we don't have much walk in traffic or outside traffic in general.
0

 
Vontech615 (Author) Commented:
@Tim Phillips yes I meant QoS.  The switch can do CoS and also map that to DSCP and I think voice is typically put in at 5 CoS  which is in the 40 range for DSCP markings.
0
 
Faruk Onder Yerli (Owner) Commented:
I couldn't work out which type of bandwidth management you are doing on the front switch. You are already doing NAT on the Sonicwall, so in the end you are losing the source IP. If we are talking about the destination part, the switch is irrelevant there. In fact, the switch can only do L2 port bandwidth control. In the end, it is absolutely unnecessary.

I think the link below will help you add a secondary IP on the same interface.

http://www.experts-exchange.com/Networking/Network_Management/Network_Operations/Q_27519143.html
0
 
Vontech615 (Author) Commented:
We used bandwidth management on the Sonicwall and per WAN interface. We have 2 WAN interfaces but do not have them set up for load balancing, so in that case you can only add BWM on the primary interface.  We have this set for 3000 Kbps and the secondary interface just takes what's left over.
0
