Need advice for replacing current network router and network firewall

Started by michael_antony, March 13, 2022, 09:20:56 PM


michael_antony

Hi experts,
I need your advice: what do you think about being asked to replace the current network router and network firewall with another type of router and firewall?
This is more or less a summary of the current network system:

Head Office
Start -> ISP
-> (Firewall) device: Cisco ASA 5515-X
-> (Internet Router & WAN Router) devices: Cisco ISR 4331 (2 pcs)
-> 2 Core Switch (Juniper)
-> Users PC -> End

Branch 1
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Internet Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End

Branch 2
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End

*Note: Each site uses a VPN IP (MPLS) service that comes from an ISP provider, to give the branch offices access to the Head Office server.

All devices are Cisco, and maintenance and replacement of devices are done using the services of vendors. The company management wants to save costs by replacing existing devices with other brands, so that maintenance can be carried out by the company's internal IT. They also want to replace the existing VPN IP subscriptions by creating a site-to-site VPN over the internet, implemented on the new devices.

Now this is the problem:
I stopped at this task, because I am a software engineer and have very little experience with networking. I was asked to learn from scratch and hopefully can handle the task. Also, the whole IT team doesn't understand Cisco at all, so they don't dare touch the devices, let alone do the configuration. Because the network is currently being used in production/live operation, it shouldn't experience trouble or downtime.

Please give me your thoughts on this, or insights or advice, I would really appreciate it.

Best Regards,
Antony

Otanx

What kind of bandwidth requirements? Is there anything special about what the network needs to support? For something small like that I would probably go with either Palo or Fortinet firewalls. Get rid of the routers, and consolidate that into either the firewall or the core switch. Then grab whatever kind of managed switches the IT team can support to cover the switching.

-Otanx

deanwebb

Agree, firewalls can do your routing if you are small enough. It shows 2 core switches - how many distribution and access switches connect to the cores? Are the cores also functioning as the distribution switches? (those questions may be best answered by the IT team making the proposal)

For Internet VPN, are they talking about using a cloud product for connections like Netskope or ZScaler or are they talking about an SD-WAN solution?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.