Hello Everyone,
Background: I am the IT Manager for a software house. We have about 12,500 users, and I am currently running into the problem that pfSense is not providing the protection we were hoping for. After reading about Untangle, I believe it will work perfectly for our needs in bridge mode. I have also provided a basic network diagram of the core.
Requirements that I was looking for:
Bandwidth Control
Directory Connector
Web Caching
Policy Based Control
+ standards (Virus / SPAM / Intrusion / Attack blocking)
Details:
ER1 and ER2 need to remain the same:
ER1 and ER2 are VMs on 2 separate hosts.
VMware ESXi host setup:
Dual Intel E5-2640
64GB of RAM
4x 120GB SSDs (RAID10)
Dual Onboard Intel NICs
2x 4 Port Intel GBICs
4x Dual Port Intel 10GbE
All 12 core switches are Dell 5500 Series Layer 3 (48 and 24 port mixed).
We operate 2 10G fibres to the internet that we run at about 30% combined capacity (as of last month we are pushing about 5-6G of traffic with 13G peaks).
We do not intend to replace PFSense at the edge of the network because it is operating as intended.
LAN connects via a single 10G uplink to each EdgeRouter.
DEV connects via a single 10G uplink to each EdgeRouter.
IT, WIFI, and AUX connect via separate 1G uplinks to each EdgeRouter.
SERV connects via 2 10G uplinks to each EdgeRouter.
WIFI is, as it sounds, for all Wi-Fi devices.
LAN is for all standard users (the bulk of our workers [10k, of which only 4k-6k are active at a time]).
DEV network handles about 500 developers (~300 are active at a time).
IT handles about 400 techs and peaks at 250 active at any one time.
SERV is all types of traffic to and from our servers.
AUX is basically the management LAN for all servers (iKVM / host-to-host comms).
SERV operates about 1500 physical hosts.
All people on LAN have 100M connections to their workstations.
All IT and DEV have 1G.
All physical hosts are connected via 10G; all VMs have 1G connections.
Right now pfSense does not give us enough information to see the bulk of our traffic type. At best it gives us our per-interface traffic over time.
Problem: We have 6 separate segments / networks that only converge at the edge routers / firewalls (VMware + pfSense). A good chunk of my and my techs' time is spent dealing with so-called "slow connection" issues where a user was, for lack of a better term, "cruising the web" and got a virus, or is going to YouTube, watching a video, and then sending the link to all the people in their department. The internal network handles this great, but the caching features and policy-based features Untangle provides could save me enormously on bandwidth expenses.
The Question:
Where is the best place to put Untangle in my network layout? The two solutions I came up with are the following.
A) Put Untangle between ER1/ER2 and the Cisco routers where the inbound fibres terminate.
B) Put Untangle between each segment and the edge router (6 Untangle installs [this is not out of the question]).
I would appreciate any input or recommendations the community could provide.
Thanks
Paul