Comment on network design

Asgorath

First shot on the new network diagram: all the named connections are VLANs (in English, not VLAN IDs, for readability purposes).

NetworkDiagramv1.jpg


The website in the DMZ will stay current with the website inside via DFS over IPSEC.

The Exchange edge will run IPSEC to communicate with the internal Exchange server.

To use the admin RDP computer, you'll have to VPN into the PRO2040.

If you want to RDP into any inside stuff, you'll have to VPN into the NSA2400.

Traffic from outside into the Citrix box will be SSL-encrypted Citrix traffic.

The reason for the two firewalls is: proper outside perimeter + inside perimeter of DMZ. Plus the SonicWALLs only support two gateways.

Exchange Edge will use INET2, Web will use INET3.
 
Oh come on...not that bad.

It's just a first sketch. Can you guys seriously not read the diagram?

I am going to move it over to visio, but wanted opinions of the overall design before I 'pretty' it up.

After I get the rough flow of the diagram out of the way I'll make a much more thorough diagram that also has IPs, VLAN IDs, subnet masks, gateway addresses, and routes.

I'm just roughing out the routes and VLANs.

For instance, in the user/telephone VLAN (bottom left box) it actually will be 4 switches in 3 suites with ~50 users.
 