litmic
Two tier firewall design
Running a Cisco ASA5545 firewall at the office, planning to add a FortiGate to form a two-tier design. What is the guide / good practice for designing and configuring a two-tier firewall so that it protects well and is easy to administer (troubleshooting, adding access rules, etc.)?
The design above seems to address your question and is a common implementation. I would only add that some financial institutions will architect "enclaves", where each enclave has an internal firewall that must be passed to enter the enclave. Databases and applications can be assigned to specific enclaves.
So, for example, databases in a database enclave will only accept traffic from specific subnets, usually NOT the NAT range admitted by the external firewall.
I think this design can get overly complicated quickly. But it can provide a more secure environment for preventing exfiltration.
Have fun!
Steve
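As an added illustration of the enclave model Steve describes (this is example code written for this page, not configuration from the thread or from either vendor), the script below models a perimeter tier and an enclave tier as first-match rulebases, evaluates a flow through whichever tiers sit on its path, and runs the check a practitioner would want before pushing a rule change: that nothing in the enclave tier admits traffic into the database enclave from the range the perimeter firewall lands inbound traffic in. The addressing, rule names, ports and topology are all assumptions made for the example.

```python
"""Two-tier firewall policy model: a perimeter tier plus an enclave tier,
with a check that the database enclave never admits traffic from the
address range the perimeter firewall lets in. All addressing is assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "permit" or "deny"
    src: Net
    dst: Net
    port: Optional[int]  # None matches any TCP port


def net(cidr: str) -> Net:
    return ipaddress.IPv4Network(cidr)


# Assumed addressing (constructed for the example, not from the thread).
ANY = net("0.0.0.0/0")
DMZ = net("10.0.10.0/24")          # where the perimeter firewall NATs inbound traffic to
APP_ENCLAVE = net("10.0.20.0/24")  # application enclave behind the inner firewall
DB_ENCLAVE = net("10.0.30.0/24")   # database enclave behind the inner firewall
ENCLAVES = (APP_ENCLAVE, DB_ENCLAVE)
INTERNAL = (DMZ,) + ENCLAVES

# Perimeter tier: only HTTPS into the DMZ, everything else dropped.
OUTER_TIER = [
    Rule("inet-to-dmz-https", "permit", ANY, DMZ, 443),
    Rule("outer-deny-all", "deny", ANY, ANY, None),
]

# Enclave tier: the DMZ may reach the app enclave; only the app enclave may
# reach the database enclave. The DMZ (the NAT landing range) is never a DB source.
INNER_TIER = [
    Rule("dmz-to-app", "permit", DMZ, APP_ENCLAVE, 8443),
    Rule("app-to-db", "permit", APP_ENCLAVE, DB_ENCLAVE, 5432),
    Rule("inner-deny-all", "deny", ANY, ANY, None),
]

# A "flattened" enclave tier someone might add to simplify troubleshooting:
# it lets the DMZ reach the database directly, which the enclave model forbids.
FLAT_INNER_TIER = [
    Rule("dmz-to-app", "permit", DMZ, APP_ENCLAVE, 8443),
    Rule("dmz-to-db", "permit", DMZ, DB_ENCLAVE, 5432),
    Rule("app-to-db", "permit", APP_ENCLAVE, DB_ENCLAVE, 5432),
    Rule("inner-deny-all", "deny", ANY, ANY, None),
]


def evaluate(rules, src: IPv4, dst: IPv4, port: int):
    """First-match evaluation with an implicit deny at the end."""
    for r in rules:
        if src in r.src and dst in r.dst and (r.port is None or r.port == port):
            return r.action == "permit", r.name
    return False, "implicit-deny"


def enclave_of(ip: IPv4) -> Optional[Net]:
    return next((e for e in ENCLAVES if ip in e), None)


def tiers_on_path(src: IPv4, dst: IPv4):
    """Assumed topology: the perimeter tier is crossed whenever one end is off-site,
    the enclave tier whenever the flow crosses an enclave boundary."""
    path = []
    if not any(src in n for n in INTERNAL) or not any(dst in n for n in INTERNAL):
        path.append("outer")
    if enclave_of(src) != enclave_of(dst):
        path.append("inner")
    return path


def flow_allowed(src: str, dst: str, port: int, outer=OUTER_TIER, inner=INNER_TIER):
    """True only if every tier on the path permits the flow. The per-tier
    decisions are returned too, which is what you want when troubleshooting."""
    s, d = IPv4(src), IPv4(dst)
    tiers = {"outer": outer, "inner": inner}
    decisions = []
    for name in tiers_on_path(s, d):
        ok, rule = evaluate(tiers[name], s, d, port)
        decisions.append((name, rule, ok))
    return all(ok for _, _, ok in decisions), decisions


def enclave_violations(rules, enclave: Net, allowed_src: Net):
    """Permit rules admitting traffic into `enclave` from outside `allowed_src`."""
    return [r.name for r in rules
            if r.action == "permit" and r.dst.overlaps(enclave)
            and not r.src.subnet_of(allowed_src)]


if __name__ == "__main__":
    print(flow_allowed("198.51.100.7", "10.0.10.10", 443))   # permitted at the outer tier
    print(flow_allowed("10.0.10.10", "10.0.30.5", 5432))     # DMZ to DB: blocked at the inner tier
    print(flow_allowed("10.0.20.8", "10.0.30.5", 5432))      # app to DB: permitted
    print(enclave_violations(INNER_TIER, DB_ENCLAVE, APP_ENCLAVE))       # []
    print(enclave_violations(FLAT_INNER_TIER, DB_ENCLAVE, APP_ENCLAVE))  # ['dmz-to-db']
```

The `enclave_violations` check is the part worth keeping around: the two rulebases live on different boxes, so a rule that is individually reasonable on the inner firewall (DMZ to database on the database port) is only visibly wrong when you ask which sources the outer firewall already admits into the DMZ.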
ASKER
Thanks