[c-nsp] Network design change

James Slepicka cisco-nsp at slepicka.net
Tue Nov 10 11:44:34 EST 2009


>> this will help if any of the 2 firewalls had failure to access both DMZs from any firewall.
Just keep in mind that traffic through the firewalls usually* needs to 
be symmetric.  Be sure to account for that in your design.

* https://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html

shadow floating wrote:
> thanks a lot Ziv
> the link for the diagram is here :
> http://img18.imageshack.us/img18/77/questionhk.jpg
>
> Hi All,
> My company has two sites in 2 different locations (plz see the
> diagram from picture in the link) that are
> connected via high speed link at the core layer. In each site I've 1
> DMZ , the network team wants to connect the DMZ switches in both sites
> for better performance and "security" - the link under investigation
> is shown in red in the picture -   via high speed link without passing
> at all by the core network layer, as they say that will aid more in
> the replication between server A and backup server A in the DMZs and
> also this will help if any of the 2 firewalls had failure to access
> both DMZs from any firewall.
> Is that better from a security point of view?
>
> appreciating your great help and advice
> thanks a lot
>
> Regards,
> Nad


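An added illustration of the symmetry point raised in the reply (not part of the original thread): a toy model of two stateful firewalls with independent connection tables, showing why a reply that leaves through the other site's firewall is dropped. The firewall names, addresses and paths are constructed assumptions, since the diagram is not reproduced here.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Toy stateful firewall: each unit keeps its own connection table."""
    name: str
    conns: set = field(default_factory=set)  # tracked (client, server) pairs

    def inspect(self, src, dst, flags):
        """Return True if the segment is permitted, False if it is dropped."""
        if flags == "SYN":
            # New connection: assume policy permits it, then record state.
            self.conns.add((src, dst))
            return True
        # Any other segment must match state created by a SYN seen on THIS unit.
        return (src, dst) in self.conns or (dst, src) in self.conns

def handshake(forward_path, return_path,
              client="10.1.0.10", server="10.2.0.20"):  # constructed addresses
    """Walk a TCP three-way handshake over the given firewall paths."""
    segments = [
        (client, server, "SYN", forward_path),
        (server, client, "SYN-ACK", return_path),
        (client, server, "ACK", forward_path),
    ]
    for src, dst, flags, path in segments:
        for fw in path:
            if not fw.inspect(src, dst, flags):
                return False, f"{flags} dropped by {fw.name}: no matching state"
    return True, "established"

def run_scenarios():
    """Compare a symmetric path with one made asymmetric by a DMZ interlink."""
    results = {}
    # Symmetric: request and reply both cross the same firewall.
    fw_a = StatefulFirewall("fw_a")
    results["symmetric"] = handshake([fw_a], [fw_a])
    # Asymmetric: the server's reply uses the DMZ-to-DMZ link and exits
    # through the other site's firewall, which never saw the SYN.
    fw_a, fw_b = StatefulFirewall("fw_a"), StatefulFirewall("fw_b")
    results["asymmetric"] = handshake([fw_a], [fw_b])
    return results

if __name__ == "__main__":
    for scenario, (ok, reason) in run_scenarios().items():
        print(f"{scenario:10s} ok={ok} {reason}")
```

The TCP state bypass feature described at the link in the reply relaxes this state check for selected traffic, which is why the reply says "usually".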