[Lantastic]

I'm tasked with rebuilding a corporate network. The current network is a swill of discount PC servers, PC, Macs, Unix machine etc etc. I get to build from scratch. We use a Sonic Wall firewall. I will install a web server, fileserver (maybe a NAS), FileMaker database Mac Xserver, FTP upload server and mail server.

Question: Is it better to place the web, mail and FTP server behind the Sonic or on the WAN? I'm thinking that LAN traffic will be reduced if I manage those servers outside the LAN using their own built in firewalls.

Thanks.

I've attached a diagram of what I am thinking.

[zx10guy]

If you don't care about the potential of these servers to get smacked by all the internet nasties, then sure.

Depending on the size of your network, you shouldn't worry about LAN/layer 2 traffic performance. If you're talking about hundreds of host devices and/or lots of broadcast type traffic, then sure plan on optimizing your LAN set up. I would place the servers on another LAN segment which would be a different VLAN for best practices and security.

[Lantastic]

Thanks for your help. I've become the accidental Network Admin, a good position but I'm out of my comfort zone a bit. I need to educate myself. Is it sufficient to simply segment the LAN via switches? or do I need to optimize software somehow as well.

[zx10guy]

Segmenting your LAN with additional switches only extends the number of ports you have to expand out your collision domains. It does nothing to segment broadcast domains. This is assuming you are ONLY using unmanaged switches or managed switches with ONLY one VLAN configured.

First, you need to give more information about your network. You need to state how many host devices you have as a starter. Then talk about the type of application traffic you are dealing with. Don't create a problem from nothing. As it seems you are going after performance optimization when there might not be any performance issues to begin with.

[Lantastic]

OK, thanks again. I'll gladly provide details about the network, switches, servers, etc, but I don't want to press upon your time nor take advantage of your hard earned expertise. You've been very kind thus far.... but, if you like this kind of challenge, I'll post more info for you to look at.

[zx10guy]

Go ahead and post up the details of your network.

[Lantastic]

Here you go, with 2 attachments. 98 devices, 5 unmanaged switches. The map is generated by Intermapper.

[zx10guy]

Looking at your PDF diagram, I don't understand what some of the various icons represent. I assume workstations.

Do you have dual links to the backbone switch from each of the access switches?

[Lantastic]

Yes, most of the nodes are PCs but there are quite a few output devices as well. The cluster in the top left is a stand-aone network for some proprietary output devices. There is a second Nic back to the primary LAN from one workstation though.

I'll have to ask the facilities person tomorrow about the dual links. He installed and configured them but he is out today. Some of the hardware is in the ceiling. Thanks again for your time, I'll post again tomorrow with more info.

[zx10guy]

You can look at the switch and see if there are dual connections from the uplink ports to your backbone switch.

As far as the output devices, I assume these are printers.

[Lantastic]

Yes, the switches are multiplexed. Output devices are office printers, plotters, large format printers. We move some very large files around the network... gigabit size.

Correction: Just spoke to the facilities guy. They are not multiplexed. The switch pairs are daisy chained back to the main connect. the net diagram is a little confusing. The main "burst" in the center represents the entire 10.19.78.xx network. The main connection switch is titled "Main Connect".