The solution consists of two Cisco ASA firewalls along with the CSC (Content Security and Control) module (ASA 5510 with AIP-SSM-10). The prime objective is to merge the different networks and define specific access policies for clients accessing different services.
Implementation of security devices has been done on the basis of the proposed diagram for application installation. In the design, there are two Cisco ASA firewalls with inbuilt CSC modules.
is also terminated), dmz and inside zone. All the servers which are required to be accessed from the internet have been placed in the demilitarized zone (dmz). The inside interface is connected to the core L3 Cisco switch and will be the default gateway for the Thamel LAN as well as the L3 switch. The internet-facing ASA will act as the perimeter security gateway, deployed to inspect and filter out all unwanted traffic except that which is explicitly allowed by the access list according to HBL's access policy.
The internal ASA has been deployed to provide an in-depth second layer of security to business-critical resources like core banking servers, database servers and mail servers. Specifically, the internal ASA has been configured with three interfaces (zones), namely the SERVER zone, LAN zone and WAN zone. The interface facing the LAN zone is connected to the internal L3 switch in a separate L3 VLAN. The interface facing the WAN zone is connected to another L3 switch, which is further connected to the WAN router(s). The third interface, configured as the server zone, is connected to the server farm switch where all business-critical servers are placed. This design provides in-depth multilayer security from external (internet) threats and also restricts access from the WAN, and even the LAN, to these business-critical servers to specific, limited services.
Further, the perimeter ASA has been configured to send all http, https and only incoming smtp & pop3 traffic to the inbuilt CSC module for virus, spyware, spam and other malware scanning. The internal ASA has also been configured to send all http, ftp, smtp and pop3 traffic to the inbuilt CSC module.
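The following is an added example, not taken from the original design document, showing how the perimeter ASA's traffic diversion to the CSC module described above can be expressed with the ASA Modular Policy Framework. The addresses, the ACL, class-map and policy-map names, the interface name "outside" and the choice of fail-close are assumptions made for illustration.

```cisco
! Constructed example. Addresses are placeholders, object names are hypothetical.
!
! Outbound web traffic from the inside LAN (assumed 10.10.0.0/16)
access-list CSC-INSIDE extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list CSC-INSIDE extended permit tcp 10.10.0.0 255.255.0.0 any eq https
!
! Incoming mail only: connections from the internet to the mail server
! in the dmz (placeholder address 192.0.2.25)
access-list CSC-OUTSIDE extended permit tcp any host 192.0.2.25 eq smtp
access-list CSC-OUTSIDE extended permit tcp any host 192.0.2.25 eq pop3
!
! Classify the traffic selected by each access list
class-map CSC-INSIDE-CLASS
 match access-list CSC-INSIDE
class-map CSC-OUTSIDE-CLASS
 match access-list CSC-OUTSIDE
!
! Divert matching flows to the CSC module.
! fail-close: drop the traffic if the module is unavailable.
! fail-open:  pass the traffic unscanned if the module is unavailable.
policy-map CSC-INSIDE-POLICY
 class CSC-INSIDE-CLASS
  csc fail-close
policy-map CSC-OUTSIDE-POLICY
 class CSC-OUTSIDE-CLASS
  csc fail-close
!
! Apply each policy on the interface where the connection is initiated
service-policy CSC-INSIDE-POLICY interface inside
service-policy CSC-OUTSIDE-POLICY interface outside
```

The access lists here only select traffic for scanning; whether a flow is permitted at all is still decided by the interface access lists applied with access-group.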