[c-nsp] Network design change

Tue Nov 10 11:09:23 EST 2009

I don't see any problem with that solution, it seems to be quite good for what you're trying to achieve, and I don't think there are major security issues, assuming that the DMZ is a well protected from internet zone and properly isolated from the internal network. What kind of point to point link are you planning to implement?

-----Original Message-----
From: shadow floating [mailto:nadengine at googlemail.com] 
Sent: Tuesday, November 10, 2009 5:54 PM
To: Ziv Leyes; cisco-nsp at puck.nether.net
Subject: [c-nsp] Network design change

thanks alot Ziv
the link for the diagram is here :
http://img18.imageshack.us/img18/77/questionhk.jpg

Hi All,
My company has two sites in to 2 different locations (plz see the
diagram from picture in the link) that are
connected via high speed link at the core layer  in each site I've 1
DMZ , the network team wants to connect the DMZ switches in both sites
for better performance and "security" - the link under investigation
is shown in red in the picture -   via high speed link without passing
at all by the core network layer, as they say that will aid more in
the replication between server A and backup server A in the DMZs and
also this will help if any of the 2 firewalls had failure to access
both DMZs from any firewall.
 Is that better from security point of view?

appreciating your great help and advice
thanks alot

Regards,
Nad

************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************