litmic asked:

Two tier firewall design

Running a Cisco ASA5545 firewall at the office, planning to add a FortiGate to form a two-tier setup. What's the guide/good practice for designing and configuring the two-tier firewall so that it protects well and is easy to administer (such as troubleshooting, adding access rules, etc.)?
Pete Long

Two Tier?

ASKER CERTIFIED SOLUTION
Mohammad Rummaneh

This solution is only available to members.
Steve Jennings

The design above seems to address your question and is a common implementation. I would only add that some financial institutions will architect "enclaves" where each enclave has an internal firewall that must be passed to enter the enclave. Databases and applications can be assigned to specific enclaves.

So, for example, databases in a database enclave will only accept traffic from specific subnets, usually NOT the NAT range admitted by the external firewall.

I think this design can get overly complicated quickly. But it can provide a more secure environment for preventing exfiltration.

Have fun!
Steve
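The enclave design Steve describes, as an added illustration that is not part of the thread: a small Python model that traces a flow through each firewall tier it crosses and reports which tier and rule decided it, which is the kind of check that answers the asker's troubleshooting concern. All subnets, rule names and addresses are constructed for the example.

```python
"""Trace a flow through a two-tier firewall model (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    src: str             # CIDR the packet source must fall in
    dst: str             # CIDR the packet destination must fall in
    port: Optional[int]  # None means any destination port
    action: str          # "allow" or "deny"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.port is None or self.port == port))


def evaluate(tier: str, rules: List[Rule], src: str, dst: str, port: int) -> Tuple[str, str, str]:
    """First-match evaluation with an implicit deny at the end of each tier."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return (tier, rule.name, rule.action)
    return (tier, "implicit-deny", "deny")


# Constructed topology: the outer firewall admits Internet clients to the
# DMZ web tier (post-NAT addresses); the database enclave firewall admits
# only the application subnet and explicitly rejects the DMZ/NAT range.
OUTER = [
    Rule("internet-to-dmz-https", "0.0.0.0/0", "10.1.5.0/24", 443, "allow"),
]
DB_ENCLAVE = [
    Rule("app-to-db", "10.1.10.0/24", "10.1.20.0/24", 5432, "allow"),
    Rule("block-dmz-range", "10.1.5.0/24", "10.1.20.0/24", None, "deny"),
]


def trace_flow(path: List[Tuple[str, List[Rule]]], src: str, dst: str, port: int):
    """Evaluate the flow at every tier on its path; stop at the first deny."""
    decisions = []
    for tier, rules in path:
        decision = evaluate(tier, rules, src, dst, port)
        decisions.append(decision)
        if decision[2] == "deny":
            break
    return decisions
```

Run `trace_flow([("db-enclave", DB_ENCLAVE)], "10.1.5.10", "10.1.20.8", 5432)` to see a DMZ host stopped at the enclave by `block-dmz-range` even though the outer firewall admitted the client that reached it.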
litmic (asker)

Thanks