Hi All,
I am just working through a new network design for our business. We are just about to relocate our production data centre to a professional managed facility.
Our business is split over three sites. They are main business, DR site and Production site.
Our WAN will be a managed WAN (the carrier will look after it) with dual routers installed at each site (Cisco 3845) with a copper hand-off from each. The routers will run HSRP with only one router being active at any one time. The access rate at each site will begin at 100M. We have around 120 users at the business premises.
I'm trying to address the design site by site and will begin with the business premises. The LAN is made up of Cisco 2960s (x4) that connect upstream to Cisco 3750s (x2), which currently patch into a Fortigate 1000A appliance. The appliance is overkill for a site of our size but it is what it is.
In the new design we will have several VLANs that terminate on the 3750s. I plan to configure a VLAN on the 3750 with a /29 address and then connect this to the Fortigate. I am using a /29 in case there is a design change in the future.
I was then planning on attaching the WAN router to one of the Fortigate interfaces and routing the LAN to the WAN through these two ports.
I then plan to define policies for specific address ranges that can traverse the WAN by destination address, services, etc., for the different networks that are configured on the Cisco 2960/3560, with ACLs applied on the VLANs for security between these VLANs.
Does this design sound reasonable? Would you suggest connecting this physically any other way? I am hoping to meet with our Fortinet account manager/pre-sales to discuss this further. Just after a bit of feedback from others.
Thanks as always,
Darren
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
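As an added example (not from the original post, and not a configuration of the poster's network), this is what the 3750 side of the design above looks like in Cisco IOS: a /29 transit VLAN facing the Fortigate, the physical uplink as an access port in that VLAN only, a default route pointing at the Fortigate, and an extended ACL on a user SVI doing the inter-VLAN filtering. Every number here is an assumption: VLAN 10 (users, 10.1.10.0/24), VLAN 20 (servers, 10.1.20.0/24), VLAN 99 (transit, 192.168.99.0/29 with the 3750 on .1 and the Fortigate on .2), Gi1/0/1 as the uplink port, and the two 3750s stacked so the SVIs live on one logical switch.

```cisco
! Added example config, not from the original post. All addresses and VLAN
! numbers are assumptions; adjust to the real addressing plan.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name TRANSIT-FORTIGATE
!
! Transit VLAN to the Fortigate. The /29 leaves room for a second firewall
! or an HA address later without re-addressing.
interface Vlan99
 ip address 192.168.99.1 255.255.255.248
!
! Physical uplink to the Fortigate internal port: an access port in the
! transit VLAN only, so user/server VLANs never cross this link untagged or
! tagged, and the firewall sees routed traffic from one next hop.
interface GigabitEthernet1/0/1
 description Uplink-to-Fortigate-1000A-internal
 switchport mode access
 switchport access vlan 99
 spanning-tree portfast
!
! Inter-VLAN filtering on the user SVI. Users get DNS anywhere, two services
! on the server VLAN, nothing else on the server VLAN, and everything else
! off-LAN (which the Fortigate then policies on its way to the WAN).
! Entries marked "log" are handled in software on the 3750, so keep them few.
ip access-list extended USERS-IN
 permit udp 10.1.10.0 0.0.0.255 any eq 53
 permit tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 eq 445
 permit tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 eq 443
 deny   ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 log
 permit ip 10.1.10.0 0.0.0.255 any
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group USERS-IN in
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
!
! Anything not on the LAN goes to the Fortigate, which sits between this
! transit VLAN and the WAN router.
ip route 0.0.0.0 0.0.0.0 192.168.99.2
```

Two things to check on the Fortigate side when wiring it this way: it needs static routes back to 10.1.10.0/24 and 10.1.20.0/24 via 192.168.99.1 (or return traffic from the WAN is dropped at the firewall), and its internal-to-WAN policies should be written as explicit source/destination/service permits so the implicit deny at the end of the policy list is what catches everything the post does not intend to send across the WAN.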