On Wed, Jan 28, 2004 at 09:31:51PM +0200, Paolo Supino wrote:
> The following story and question aren't product specific so please don't
> try to attach it to any available product: I was asked to plan a network for
> a group of 3 companies (all located in the same building and want to use the
> same infrastructure). From gathering the requirements of each of the
> companies I've concluded that all of them together will need 10 subnets
> (including the subnet that is connected to the internet). Since the biggest
> number of subnets per firewall that I ever installed was 6. Setting up 10
> subnets on 1 firewall (to me) seems too much for me so I'm looking for a way
> to have the 10 networks on 2 (or 3) different firewalls. If you have any
> suggestions on a possible layout I'd be very happy to read it.

16 or more subnets on a firewall should be no problem (e.g. using quad-NICs on
PC-based hardware). Proper planning (e.g. what services should be available on
every subnet) is needed anyway.
It might even be easier to configure everything on one firewall.

Apart from that, a separate firewall per company - or even several
firewalls, possibly from different vendors - might provide for more
security and/or flexibility.
E.g. if one firewall fails, it won't affect the other companies.

For the usual setup with DMZ you should use two physically separated
firewalls: Internet - FW1 - DMZ - FW2 - Intranet

In the easiest case you might want to use something like this:

Internet -- Router --+--- FW1 ----- Intranet 1
                     |     |
                     |     +------- DMZ1
                     |
                     +--- FW2 ----- Intranet 2
                     |     |
                     |     +------- DMZ2
                     |
                     +--- FW3 ----- Intranet 3
                           |
                           +------- DMZ3

Unfortunately you don't write what the actual infrastructure looks
like and what the companies' requirements are.

Regards,
Holger Kipp
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 01 2004