
DMZ switch connects to internal core switch in order to implement Cisco FlexPod server

cyberops123
Level 1

Hi,

I am seeking some security recommendations and concerns about a current project we have going on in my company.

 

We have a DMZ Cisco Layer 2 switch that connects to the firewall, and we also have a Nexus 7K that is doing Layer 3 routing for the internal network as the core switch. The network team is trying to implement Cisco FlexPod in order to add more servers in the DMZ network, so they created a Layer 3 interface on the DMZ switch and connected to a port on the Nexus in access mode. The FlexPod has 4 ports connected to the Nexus with port aggregation in trunk mode.

My first question is if this is a legit network design solution for FlexPod in order to add DMZ VLANs?

My second question: it really freaks me out knowing that the DMZ and internal switches are connected physically. I mean, if someone gets access to our core switch, he will be able to see DMZ VLAN information and can get the MAC addresses of the servers in the DMZ as well.

I don't know if any other type of potential attack would also be effective in this case as well.

 

I have also attached the design of the network diagram in Packet Tracer; it might help to better understand the network topology.

 

 

Thanks  

 

 
