Change Topology NGAF 20

rohmat_dsi Lv1Posted 25 Oct 2022 14:55

i want to change the existing network topology.
here I attach the topology

Existing Topology

Existing Topology


now I want to change the topology to something like the following, is there anything that needs to be set in the NGAF?

New Topology

New Topology

rivsy has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins, 20 coins of bounty and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Last edited by rivsy 25 Oct 2022 15:54.

For the Public IP Area
1. IP address to the endpoint is based on the first router .
2. For this setup, Public Area will not be protected from threat, cannot be managed by NGAF and have security consent since connection is direct to the first router.
3. Static IP for the 3 router in the Public Area
4. Default gateway IP address same with first router

For the DMZ Zone
1. IP address of the server is based on the NGAF
2. Default gateway IP addresssame with first router

Is this answer helpful?
rivsy Lv5Posted 25 Oct 2022 15:48
  
Last edited by rivsy 25 Oct 2022 15:54.

For the Public IP Area
1. IP address to the endpoint is based on the first router .
2. For this setup, Public Area will not be protected from threat, cannot be managed by NGAF and have security consent since connection is direct to the first router.
3. Static IP for the 3 router in the Public Area
4. Default gateway IP address same with first router

For the DMZ Zone
1. IP address of the server is based on the NGAF
2. Default gateway IP addresssame with first router

Newbie308427 Posted 26 Oct 2022 12:15
  
hi! imo exposing public area to internet without any AF is not a good idea
RegiBoy Lv5Posted 26 Oct 2022 14:14
  
Last edited by RegiBoy 31 Oct 2022 11:06.

Yes, IP re-addressing is a must.

Router:
1. interface facing the ISP
2. interface facing the NGAF

NGAF:
1. interface facing the Router
2. interface facing the Servers


Although the design is not totally wrong, you don't maximize the protection and you leave the Switch and other Routers unprotected.
zubairhassan Lv2Posted 28 Oct 2022 22:27
  

Router:
1. interface facing the ISP
2. interface facing the NGAF

NGAF:
1. interface facing the Router
2. interface facing the Servers
DMZ Zone
1. IP address of the server is based on the NGAF
2. Default gateway IP addresssame with first router
Naomi Lv3Posted 31 Oct 2022 11:16
  
It is not ideal design proposal because other network doesn't have security.
Adonis001 Lv3Posted 31 Oct 2022 12:43
  
DMZ Zone
1. IP address of the server is based on the NGAF
2. Default gateway IP addresssame with first router
isabelita Lv3Posted 31 Oct 2022 13:11
  
Your current topology is better than the change you want.
BitCloud Lv3Posted 31 Oct 2022 13:21
  
Your current diagram is the recommended design
VanFlyheights Lv3Posted 31 Oct 2022 13:40
  
Dont change your current production design. It is very risky.

I Can Help:

Change

Moderator on This Board

1
128
3

Started Topics

Followers

Follow

17
6
0

Started Topics

Followers

Follow

Board Leaders