newbie - inline firewall versus router

Mit1019 (IS-IT--Management), Oct 6, 2003
We want to transition our internet server to n-tier architecture something like this:

internet
|
isp router
|
firewall
|
web server in the dmz
|
ROUTER or FIREWALL?
|
db server

The question is what to put between the web server and the db server where I show ROUTER or FIREWALL?

I believe a router would be more efficient and that an entry-level cisco router would be appropriate. Others on my staff say it should be a firewall. My goal is simply to place the db server on a network segment separate from the web server. As long as we assign the ACLs correctly on the router, I don't see why we need another firewall.

In that case I have to figure out what Cisco router is appropriate; most of the product info appears targeted at implementing routers connected to the Internet, and all I want is simply to connect two network segments.

Any recommendations or observations on this topology?

 
Mit1019,
A firewall and a router can function as the same thing. After all, your firewall still needs to route packets, and a router can be configured for security (access-lists or IOS FW). The argument is where to put a purpose-built FW (such as a PIX, Checkpoint etc.) and where to put a pure router for network efficiency.

It really should come back to your network design. A basic network design should include a perimeter router/FW which connects to your ISP and a central FW (your purpose-built FW) to protect your internal LAN from the Internet and the DMZ. Here is a revised topology from your diagram:

internet
|
[perimeter router/FW]
|
[central firewall] - (DMZ web server)
|
Internal network
(db server)

Your perimeter router/FW is your connection to the ISP and can run basic security such as access-lists, or more advanced security features such as the Cisco IOS FW and IDS.

Your central FW (purpose-built FW) should have at least three interfaces: 1. Internet, 2. DMZ, 3. Internal LAN.

JimmyZ
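The practical difference between the two devices JimmyZ contrasts (a router doing access-lists versus a purpose-built firewall on the DMZ-to-internal hop) is that an access-list judges each packet on its own, while a firewall tracks connections. The Python below is an added example written for this page, not code from the thread or from Cisco: it parses a small subset of IOS extended access-list syntax, evaluates packets against it first-match, and runs the same packets through a minimal connection-tracking model. The addresses (203.0.113.10, 10.0.0.20, 10.0.0.50), the db port 1433 and the ACL lines are assumptions chosen for the demo.

```python
"""Stateless router ACL versus a stateful firewall on the DMZ -> internal hop.

Added example, not code from the original thread. Addresses, the db port and
the ACL text below are assumptions chosen for the demo."""
import ipaddress
from dataclasses import dataclass

WEB = "203.0.113.10"    # assumed DMZ web server
DB = "10.0.0.20"        # assumed internal db server
FILE_SRV = "10.0.0.50"  # assumed other internal host the web server must never reach
DB_PORT = 1433          # assumed db listener port

# Assumed IOS-style extended ACL applied inbound on the DMZ-facing interface:
# only the web server may open the db port, plus the usual "established" line
# so replies to connections started from the inside can get back out.
DMZ_IN_ACL = """
permit tcp host 203.0.113.10 host 10.0.0.20 eq 1433
permit tcp any any established
deny ip any any
"""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def _parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'NET WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks; ipaddress accepts that form.
    return ipaddress.ip_network(f"{t}/{tokens.pop(0)}")


def parse_acl(text):
    """Parse 'permit|deny PROTO SRC DST [eq PORT] [established]' lines.
    (Source-port 'eq' and other IOS options are not modelled.)"""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] in ("!", "remark"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, dst = _parse_addr(rest), _parse_addr(rest)
        dport, established = None, False
        while rest:
            t = rest.pop(0)
            if t == "eq":
                dport = int(rest.pop(0))
            elif t == "established":
                established = True
        rules.append((action == "permit", proto, src, dst, dport, established))
    return rules


def acl_permits(rules, pkt):
    """Stateless first-match evaluation with the implicit deny at the end."""
    for permit, proto, src, dst, dport, established in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if ipaddress.ip_address(pkt.src) not in src:
            continue
        if ipaddress.ip_address(pkt.dst) not in dst:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if established and not pkt.ack:  # "established" only looks at the ACK bit
            continue
        return permit
    return False


class StatefulFirewall:
    """Connection-tracking model: the rule base only decides which NEW
    connections may start; everything else must belong to a tracked flow."""

    def __init__(self, acl_text):
        # A stateful device has no use for "established" lines, so drop them.
        self.rules = [r for r in parse_acl(acl_text) if not r[5]]
        self.flows = set()

    def permits(self, pkt):
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.flows or rev in self.flows:
            return True  # belongs to a connection already approved
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return False  # mid-stream packet with no tracked flow: dropped
        if acl_permits(self.rules, pkt):
            self.flows.add(fwd)
            return True
        return False


def compare():
    """Run the same two packets through both devices."""
    router = parse_acl(DMZ_IN_ACL)
    fw = StatefulFirewall(DMZ_IN_ACL)
    legit = Packet("tcp", WEB, 40001, DB, DB_PORT, syn=True)
    # A compromised web server probing the file server with only ACK set.
    forged = Packet("tcp", WEB, 40002, FILE_SRV, 445, ack=True)
    return {
        "router_legit": acl_permits(router, legit),
        "router_forged_ack": acl_permits(router, forged),
        "fw_legit": fw.permits(legit),
        "fw_forged_ack": fw.permits(forged),
    }


if __name__ == "__main__":
    for name, allowed in compare().items():
        print(f"{name:18s} {'PERMIT' if allowed else 'DENY'}")
```

Both devices let the web server open its one permitted db connection. The difference shows on the forged packet: the router's `established` line matches any TCP segment with ACK set, so a compromised web server can reach other internal hosts with ACK-only probes, whereas the connection-tracking model drops it because no flow was ever approved. This is the gap that Cisco's reflexive ACLs or the IOS FW feature set JimmyZ mentions are meant to close on a router, and that a PIX or Checkpoint closes by design.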
 
Okay, thanks, I realize now that the web server in the DMZ is already on a separate segment from the internal network/db server, so this accomplishes my primary goal.
