Firewall BP

Zones

The standard set-up has two zones. For Cisco, these are usually referred to as Internal and External. On SonicWall, these are called LAN and WAN.

If you are going to have publicly accessible servers, it is best to put them into a separate zone called DMZ. The name comes from "demilitarized zone"; a DMZ usually has less security than the rest of the LAN.

If possible, it is best to have a separate switch for the DMZ. That way, even if the DMZ switch is exploited, it gives no access to the internal LAN.

Naming Conventions

We suggest using a convention that enables both a short name and something descriptive. For example, the SystemsAdmin external address objects are named EXT 106, EXT 107, and so on. EXT is for External, and 106 is the last octet of the IP. Our virtual servers use "machine shortname"_"VM name", such as "HPV1_Elastix" for the Elastix server on HyperVisor 1, or "ESX2_IIS" for the IIS webserver on the second VMware ESXi box.

You could also use "HPV1_Dev_IIS" for a development IIS server, "Prod" for a production server, etc. Some ideas are:

  • ACCT_FS: Accounting fileserver
  • Prod_WS: Production webserver
  • Dev_MySQL: Development MySQL server

The use of an underscore is up to you; we use it to make the separate parts of the name more obvious.

Make sure to document all your abbreviations BEFORE making any assignments, and always use the same abbreviations across the entire IT infrastructure.
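One way to enforce the convention is to check an object inventory against the documented abbreviation list. The script below is an added example, not part of the original page; the registry layout, the function names and the sample inventory are assumptions built from the names used above.

```python
import ipaddress
import re

# Assumed abbreviation registry, written down before any names are assigned.
# Entries come from this page's examples; the registry layout is hypothetical.
REGISTRY = {
    "lead": {"HPV1", "ESX2", "ACCT", "Prod", "Dev"},   # machine, dept or env tag
    "env": {"Prod", "Dev"},                            # optional middle part
    "role": {"FS", "WS", "MySQL", "IIS", "Elastix"},   # last part
}
EXT_RE = re.compile(r"^EXT (\d{1,3})$")

def check_token(token, kind):
    """Return a problem string for one abbreviation, or None if documented."""
    allowed = REGISTRY[kind]
    if token in allowed:
        return None
    for known in allowed:
        if known.lower() == token.lower():   # same abbreviation, different case
            return f"{token!r} should be written {known!r}"
    return f"{token!r} is not a documented {kind} abbreviation"

def check_name(name, ip=None):
    """Return a list of problems for one object name (empty list means OK)."""
    m = EXT_RE.match(name)
    if m:  # external address object: number must equal the last octet
        if ip is None:
            return ["external object has no IP address recorded"]
        last = ipaddress.IPv4Address(ip).packed[-1]
        if int(m.group(1)) != last:
            return [f"name says {m.group(1)}, last octet of {ip} is {last}"]
        return []
    parts = name.split("_")
    if len(parts) not in (2, 3):
        return ["expected 2 or 3 underscore-separated parts"]
    kinds = ["lead", "role"] if len(parts) == 2 else ["lead", "env", "role"]
    found = (check_token(t, k) for t, k in zip(parts, kinds))
    return [p for p in found if p]

# Constructed sample inventory (documentation-range IPs, not real objects).
INVENTORY = [("EXT 106", "203.0.113.106"), ("EXT 107", "203.0.113.170"),
             ("HPV1_Elastix", None), ("HPV1_Dev_IIS", None),
             ("PROD_WS", None), ("Dev_Postgres", None)]

if __name__ == "__main__":
    for name, ip in INVENTORY:
        print(name, "->", check_name(name, ip) or "OK")
```

A mislabelled external object such as the second sample entry is worth catching early, because a rule written against the wrong address object exposes or blocks a host other than the one the name suggests.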
