12-26-2021 09:17 AM
Hi,
I have the below topology
PA has two 40 g ports and my core has 4 40g ports . server SW also has 40 g ports ( the switch is for connecting servers )
core required two 40g Ports for cross-connection.
So remaining two 40g connections,
Do I need to use it to connect the DC fW,or yes which link ?
or Do I need to use it to connect to server switches ?
Thanks
12-26-2021 02:41 PM
Hello,
I would say it depends on how much traffic you are trying to push through the firewalls. That will ultimately give you the answer. However I suspect that 10G would probably be enough.
Regards,
12-26-2021 06:13 PM
Hi @OtakarKlier
Thanks for the reply. I am going to use a VDIsolution for 1000 users.
I am not sure How do I size for this purpose or where do I place the vdi servers .
a vdi and image deployment solution require a 40G fw .
My internet bandwidth is around 600-800 Mbps , the vdi solution will be published outside
Thanks
Thanks
12-27-2021 09:53 AM
Hello,
Since you are limited in the number of ports to use and you have 4 firewalls, this might decide the design.
I know its not much to go on, but I think you'll see the solution when whiteboarding it.
Regards,
12-27-2021 07:35 PM
hi @OtakarKlier
There is no 4 firewall ( 2 firewalls in active-standby mode ) (Maybe only one ) .
Thanks
12-28-2021 09:27 AM
Hello,
I saw 4 in the drawing, so they must not be in play. Thinking about it, I might connect the servers to the switches at at 40G ports. What gets sent to the clients should be less traffic than server to server communications.
Just a thought.
12-28-2021 10:07 AM
You haven't really stated where your VDI servers are going to live, but I assume that you'll have a set of access gateways in your DMZ that will be public facing. I've seen some people just place VDI deployments in their "server" security zone and run with that, but I tend to like to see VDI treated the same as any other access client. That might mean that they are placed in the "inside/trust" zone, or that they get their own security zone to keep them isolated from the rest of your "server" infrastructure.
Not knowing the rest of your network or anything about what sort of bandwidth you're actually passing, its hard to say anything too definitive about where you should use your available 40G links. Knowing very little about your network, I would assume that a 1000 user VDI deployment is probably going to be where most of your traffic is coming from. With that being said I would likely put that additional bandwidth in that VDI zone.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
