  1. #11
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    So, you mean this would be better?
    "Internet -> Router -> UT with Public IP -> DMZ for web servers -> VLANs"

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    If by "better" you mean that is the design closest to my personal preference? Then yes.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Thank you very much. Then now I can hook up two public IP addresses and I will let it sit behind the Internet router, then I will play with the VLANs to see how the traffic can be handled.

    One more question: I do have a wireless VLAN as well for the students; they authenticate based on RADIUS/AD that sits on a different VLAN. How will the UT handle this?

  4. #14
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    ideally

    Internet--> UT---> ...the rest

    when possible.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  5. #15
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Hi,
    I have just drawn a simple diagram for the migration from the current setup to Untangle.

    Is this correct?
    http://www.freeimagehosting.net/d6x9y

  6. #16
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    The multiple VLAN section of that drawing is going to get a bit iffy if that switch isn't layer 3 capable.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Hello, the switch is L3. But which is better: to put a separate interface for each VLAN, or an alias for each VLAN?

    Thanks,

  8. #18
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    It's a network, it isn't a good, better, best comparison.

    When engineering a network you have to make choices based on the goals of your network.

    If you need multiple VLANs you have to determine how you're going to connect each to each other, or at the very least to the Internet. Those connections are points where you manage security between the segments as well.

    I prefer using a compartmental design for networks; that leads to a place where, in theory, each component can be removed and replaced by as many different vendors' products as possible. This is because stuff breaks! And when the "Internet is down" you have to fix it as soon as possible. Which is to say, having it back online yesterday is usually the preferred action.

    I saw your e-mail so I have a bit more information now. I haven't responded yet because I'm trying to figure out how to navigate the international nature of your proposal.

    Given the pictures you sent me, I would configure all VLANs on the layer 3 switch, and make it do the routing between those segments. I would then define a dedicated segment for Internet-bound traffic, pipe that through Untangle and out to the Internet equipment.

    The downside to such a configuration is that internal access control is limited to what the layer 3 switch is capable of. The upside is your Untangle configuration is relatively simple, only requires two interfaces, and it can be replaced with any number of other routing devices (several of which you already own). This design would mean you've got a cold spare should your Untangle server give out for any reason.

    The single point of failure is that layer 3 switch. However, if you consider the reality of your network, if that thing goes you're likely not having a good day anyway. Having a spare around is never a bad thing.

    I think about things in terms of simplicity. But also colored by the realities of living in an area where lightning likes to fry everything quite regularly. I don't trust anything, or any service. So everything I do is colored by a disaster recovery thought process.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
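
The design in post #18, modelled as an added example that is not part of the original thread: it shows which device routes a given flow, and therefore where policy can be enforced. The VLAN names, subnets and device labels are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
VLANS = {
    "staff":    ipaddress.ip_network("10.10.10.0/24"),
    "students": ipaddress.ip_network("10.10.20.0/24"),  # student wireless
    "servers":  ipaddress.ip_network("10.10.30.0/24"),  # RADIUS/AD lives here
}


def segment_of(addr):
    """Name of the internal VLAN holding addr, or None if it is off-site."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None


def enforcement_points(src, dst):
    """Devices that route src -> dst, i.e. where an ACL or filter can apply."""
    s, d = segment_of(src), segment_of(dst)
    if s is None:
        raise ValueError("source must be an internal host")
    if s == d:
        return []                      # same VLAN: bridged, no routed hop
    if d is not None:
        return ["l3-switch"]           # inter-VLAN: routed on the switch only
    # Anything else follows the switch's default route onto the dedicated
    # Internet-bound segment, which is piped through Untangle.
    return ["l3-switch", "untangle"]


def untangle_blind_spots():
    """Ordered VLAN pairs whose traffic never crosses Untangle in this design."""
    names = sorted(VLANS)
    return [(a, b) for a in names for b in names
            if a != b and "untangle" not in enforcement_points(
                str(VLANS[a][1]), str(VLANS[b][1]))]


if __name__ == "__main__":
    # Student wireless client reaching the RADIUS/AD VLAN, then the Internet.
    print(enforcement_points("10.10.20.15", "10.10.30.5"))
    print(enforcement_points("10.10.20.15", "203.0.113.10"))
    print(untangle_blind_spots())
```

Every pair returned by `untangle_blind_spots()` has to be controlled with the layer 3 switch's own ACLs, which is the downside the post describes.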

  9. #19
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Hello,
    Thank you very much. I'm awaiting your response to the email I sent; then, based on that, we can work something out. Also the most important thing is the Disaster Recovery / Online Backup Device.

    The L3 switches are Nortel Stacked 5500 Series. I mentioned only one as I made it very quickly to show you how we are connected.

    Things will be migrating from one product to another. We have to consider each and every service currently being handled by the existing devices, such as publishing, remote access, VPN, Internet access, security, etc.

    I will wait for your reply and we should take it from there. The budget available is enough because it was reserved for BlueCoat but I don't that product, compared to Untangle = Nothing.

    Thank you,
