Dec 27 2011 1:11AM GMT
Posted by: Sulaiman Syed
Cisco, design, explicit, Firewall, network, PBR, proxy, router, switch, transparent
Moving from Explicit Proxy to Transparent Proxy – part 2
Posted by: Sulaiman Syed
Cisco, design, explicit, Firewall, network, PBR, proxy, router, switch, transparent
If you have read the first part of this series, you would know that there is major upgrade plan move from explicit proxy to transparent. One of the major objective that during migration to the new network, there should be minimal downtime. But since we are going to utilize the same hardware, downtime can’t be totally avoided. The current firewall is not able to handle the traffic going to the internet by itself.
with that in mind, we have few things to workout to finilize the network design:
- IP addressing scheme throughout the network.
- The integration of older firewall with the new firewall.
- The implementation of packet shaping for provisioning IP based, and group based bandwidth.
- How the traffic will route from the PBR to IR going by two firewalls contexts.
- The integration of new LB by keeping the proxy traffic/control plane segregated from the other traffic.
In the above diagram, we are showing a basic idea of the connectivity. I would go into the details of hardware and logical connectivity in the next blog entry.
Comment
RSS Feed
Email a friend
