Hello and thanks,
I have a vendor that is setting up our network and I am not sure if something they are doing is a good idea. I, however, am not Cisco certified, so my voice carries less weight. I am looking for some opinions that I can pass along.
They are setting up a 3750 with two VLANs, VLAN 100 and VLAN 200. VLAN 100 will be in between the ISP and our firewall. VLAN 200 will be where all of our internal servers reside. So Internet>>>3750 Vlan 100>>>>firewall>>>>3750 Vlan 200(core switch with all servers). This design seems poor to me, because we are having a core switch on the net not protected by fwall. It seems like a DoS attack could hammer our core switch, since it is not protected by the firewall. Is this correct? Also seems like it would be easier to hack the switch, which will give you access to the internal network. Is this correct?
Seems like a better solution is Internet>>>Switch1>>>firewall>>>Switch2(core switch).
Looking for an explanation that I can take to a meeting to have them make a change if necessary.
Thanks again, Roy