Hi, a general question on linking zones between firewalls that I’d welcome opinions on from the members, as I can’t seem to get the right Google query to give me an answer.
1) I have 2 firewall zones of equal trust in physically different sites
2) The LAN subnets at each site are linked by a private leased line
I’d like to create a firewall ‘layer’ so that all zones of low trust (think DMZ) are linked together to create a series of routable subnets via a VPN that traverses the private link (as we have SLAs and guarantees around speed, availability, etc.)
The way I see it, this creates a ‘virtual’ firewall zone so we can easily move data between items in the respective geographical DMZs over the VPN without having to create rules for each new transaction required (we do not use port security, fyi, due to the multiple connections needed between each system).
I don’t see that there is any more risk with this approach than with having a system in the DMZ in the first place, and it will make management of the systems in the DMZ that much easier going ahead.
I welcome comments for or against, or any better models.