
help redesigning the network and securing the edge (firewall, ips, ids)

post #1 of 2
Thread Starter 
My current network setup looks like the following:

ISP modem --> Cisco 2611xm --> managed 3550 switch --> vlans

Since I will be setting up a public facing web and email server, I decided that my network security needs improvement before they go live. I built a pfSense box which I would like to configure to perform Firewall, IPS, and IDS duties. I believe I have 3 options on its placement: before the router, after the router, or replacing the router with it. I would appreciate any insight and suggestions.
Thanks

Current setup details:

ISP modem:
Configured as a bridge just to perform the rj11 to rj45 hand-off

2611xm:
Routing
NAT
ACLs
basic firewall functions

3550:
layer 3 enabled
inter vlan routing
DHCP
ACLs

Vlans:
Guest wifi
private lan
private servers
Public servers (coming soon)
management PC (SNMP, Solarwinds, etc.)
post #2 of 2
You could probably just phase out the 2611XM at this point; the pfSense box would just end up routing packets between interfaces anyway, and you are already using layer 3 switching for inter-vlan routing.