Network Engineering Asked on September 30, 2021
If I have 2 buildings connected to each other and they both run to the same ISP, would both buildings need to be connected to a firewall?
For the main building I’ve placed a firewall just before the router, but when I was thinking about the other building, I didn’t think about a firewall. I’m assuming that it would also need a firewall too, just before the router?
There are several ways to connect the buildings, depending on what kind of switches you have. Based on your diagram, if you can only connect the two routers together, then yes, you need a firewall as you've indicated.
But a better design would be to use the fiber to connect the two main switches directly. Whether you can do this depends on the capabilities of the switches, and would eliminate one router.
Correct answer by Ron Trunk on September 30, 2021
Assuming that you are using a layer 3 switch connected as the main core switch and all VLANs are configured on that switch, then you can have fiber connectivity from the core switch. If your switch doesn't have SFP port compatibility, use media converters, connect as an access port and allow the specific VLAN, and connect to another layer 2 switch in the other building. If the other building is using traffic from multiple VLANs, allow a trunk port. In this way both buildings can use a single firewall, which is deployed in the main building and connected to the core switch. If your core layer 3 switch is not compatible with or equipped with an SFP port, then use fiber modules or media converters. This connectivity allows you to use the same firewall for both buildings' traffic, and it is easy to monitor and manage.
Please refer to the diagram below for an overview of the topology for this requirement.
Answered by Sagar Uragonda on September 30, 2021
"For the main building I've placed a firewall just before the router"
Based on your drawing, you've placed the firewall after the router, in other words the firewall does not protect the router itself but rather sits downstream from it.
There's not necessarily anything wrong with that, except it means that the uplink from Building 1 to your main building will not be protected by the existing firewall if it is connected to the router in the main building.
Using two firewalls for your situation would introduce unnecessary complexity, cost, and management in my opinion. Instead, think about connecting Building 1 to the existing building by either interconnecting the two routers together with the firewall placed outside of the router in Building 2 or, alternately, connecting the two "main" switches together. In either of those scenarios, both buildings' networks will be protected from the internet by the existing firewall.
Answered by Ted Quanstrom on September 30, 2021
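An added example, not part of the answers on this page: a small Python check of the point made in the answer above, that a second building uplinked to a router sitting upstream of the firewall reaches the ISP without crossing it, while a switch-to-switch link does not. The node names and both link lists are constructed for illustration.

```python
from collections import deque

def build(links):
    """Turn a list of (a, b) cable links into an undirected adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable_without(graph, start, goal, blocked):
    """Breadth-first search from start to goal that never enters `blocked`."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            return True
        for nxt in graph.get(node, ()):
            if nxt != blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def unprotected(links, hosts, firewall="fw", internet="isp"):
    """Hosts that have at least one path to the internet bypassing the firewall."""
    graph = build(links)
    return sorted(h for h in hosts
                  if reachable_without(graph, h, internet, firewall))

# Constructed topology: in the main building the firewall sits downstream
# of the router (isp - router - firewall - switch - hosts).
MAIN = [("isp", "router_main"), ("router_main", "fw"),
        ("fw", "sw_main"), ("sw_main", "host_main")]
SECOND = [("sw_b1", "host_b1")]
HOSTS = ["host_main", "host_b1"]

# Option 1: second building's router is uplinked to the main router.
ROUTER_UPLINK = MAIN + SECOND + [("sw_b1", "router_b1"),
                                 ("router_b1", "router_main")]
# Option 2: fiber directly between the two main switches, no second router.
SWITCH_UPLINK = MAIN + SECOND + [("sw_b1", "sw_main")]

if __name__ == "__main__":
    print("router uplink :", unprotected(ROUTER_UPLINK, HOSTS))
    print("switch uplink :", unprotected(SWITCH_UPLINK, HOSTS))
```

The same check works on a real cabling inventory: list every link, name the firewall node, and any host it returns has a path to the ISP that the firewall never sees.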
I am assuming that you are in one single network with two separate VLANs in separate buildings. Therefore you don't have a requirement for two firewalls. If your main switch has Layer 3 facility, you can make a connection from main switch to main switch. It is not a good idea to provide a direct internet connection to the core (main) switch at all.
You have two main switches, and if they have the facility you can enable VSS and they can work as one single switch. Then no special routing is needed for the second switch.
Always keep your network behind the firewall. It is necessary.
If you want to be separate from network1 and network2, you can make a connection from the firewall to the main switch in building 01.
Answered by infra on September 30, 2021