O'Reilly logo

Implementing Cisco Networking Solutions by Harpreet Singh

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Firewall design

We have discussed previously that, from a security perspective, we need to restrict the traffic flows in the DC based on the application traffic flow requirements. Let us also assume that all internet users in the organization need access to the internet, and the addresses need to undergo a NAT at the firewall to go to the internet. Note that some organizations might not want to use NAT to access the internet, as it allows all users direct access to the internet. Such organizations force the users through a proxy server for internet access and use two separate firewalls for the external and internal zones. The recommended layout in a real enterprise would be similar to the one shown in the following figure:

Figure 20: Zones ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required