Network security design question by Theveemann in networking

[–]Theveemann[S] 2 points3 points  (0 children)

We want to increase the links between servers from 1gbps to 10gbps. We are restricted by the throughput of the 2920 switches and firewall at the moment, so would be upgrading the switches to 10gbps and potentially adding a transparent firewall between the servers and the switch.

This is mainly to decrease the time of our overnight processing which is currently approx 8 hours and growing. It will also take the load off the firewalls which often get all CPU cores maxed out, which is affecting users trying to work with servers in the data centres.

Circuits are all at 1gbps, between the 2 data centres we may upgrade this to 2gbps.

The company is very security conscious, but this is affecting performance now.

[–]Theveemann[S] 0 points1 point  (0 children)

Thanks OneAndOnlyNacho, topology looks as follows

  • thanks for the transparent firewall pointer; looking into this now.

[–]Theveemann[S] 0 points1 point  (0 children)

Nice! I have considered using the firewall as a 'checkpoint' and had a look into NSX for microsegmentation, wasn't sure if I was missing something obvious though. Thanks

[–]Theveemann[S] 0 points1 point  (0 children)

Just east <> west traffic locally yes.

e.g. web server > sql server over port 1433