firewall
storm1kk, 2019-03-15 19:17:36

Network segmentation (gateway location)?

Good evening!
A network design question: where is the best place to put the gateways for office network segments?
There are about 15 segments between which traffic must flow according to certain rules. There are two options for placing the gateways for these segments:
1. Central router (network core)
2. Firewall
I have always created the interfaces on the firewall, so the gateways were on the firewall as well, and it all works and is filtered as it should.
But then someone suggested to me that all the routing could be moved to the core (put the gateways there) and traffic steered using VRF, while the firewall would still handle filtering. It seems logical: the router routes, and the firewall filters.
Please tell me the pros and cons of this option.


2 answer(s)
CHolfield, 2019-03-15
@CHolfield

A firewall is needed to protect against the outside; inside the network there should be only trusted objects, and this is your concern. Otherwise it will be necessary to install a very expensive hardware firewall in the core. Very expensive. To sustain the traffic rate.
In short, they are advising you correctly.

storm1kk, 2019-03-15
@storm1kk

There should be segmentation inside the network; users, for example, should not get into the server segment or the information security segment. A Cisco ASA acts as the firewall.
