I recently scored a gig designing a small LAN, and would love for my fellow firewall.cx brothers and sisters to take a look at my design and critique it for me. Let us start by taking a look at the current network.
- 15 users (owner wants capabilities to expand to 50 with new network config)
- Their operational and accounting software is accessed through terminal server and the terminal server uses the MS SQL server to get data.
- They host their mail/web services on a Linux machine.
- Currently they use a T1 connection
- They have 5 servers
1) UNIX storage
2) Linux LAMP Server
3) Windows Terminal Server
4) Windows Active Directory Server
5) Windows SQL Server
-Routers & Switches-
- Currently using 1 Linksys 24 port gigabit switch; the owner has purchased the following equipment:
1) Cisco 3725 router with the 2FE board and a NM 1GE fiber card.
2) Cisco Catalyst 5505 Switch with the SUP III engine and WS-X5410 card (9 port GE GBIC) also 2 WS-X5224 (24 port 10/100 Ethernet)
My main and obvious goal is to get a solid firewall and spam filter in place. I will be using a Unix distro called pfSense. pfSense supports VLAN tagging and will route my traffic between my DMZ and my LAN.
Here is a logical view of my design; the different colors represent the separate VLANs I will create.
Please let me know what you think, also if you need any more info about the network.