I was recently asked to help design and build a cloud server for a large group of companies who are currently sharing a server on a single site (HQ), where all the branches and sub-companies are connected Sophos-to-Sophos firewall using SSL VPN connections. They then all access this single, average server and get their work done. There have been some issues with load shedding, Internet connectivity and much more. So we decided to build this solution into a local datacentre so that we could make it more robust.
The hardware being prepped is a Dell R540 with dual Xeon Silver CPUs, 128Gb RAM, a RAID 1 primary drive stack and a RAID 10 secondary drive stack. The server has a total of 6x Gb Ethernet ports and is well specced to run Windows 2019 Hyper-V, on which we virtualize the servers that this client requires.
Now, this is a 2-step project. Step one was to prep the server; step 2 was to make the server available to the client at their various companies and sites.
We have supplied their branches and companies with Sophos XG models of various sizes, so it made sense to have them all tunnel in to a Sophos XG Firewall in the DC.
So the firewall has been specced and set up as below:
The firewall will need to break out onto the internet and have an IP assigned to it. We have created routing from our primary firewall to allow the external IP to point internally to the Sophos XG. This will allow the tunnels to work without any issue.
We have placed 4 x Gb interfaces into a team for redundancy and have created a bridge LAN interface using 4 x ports on the Sophos XG. This gives 4x redundant cables and a firewall-to-LAN speed of up to 4Gbps.
I have then created a subnet between the Sophos and the server's iDRAC so that we can make it accessible either externally, if ever needed, or from one of the other internal LANs inside our DC setup.
We also have 2 spare routable networks operating between the XG and the server, just in case we want to make some additional changes or meet whatever routing/switching needs we deem necessary.
Once this is all installed, we will re-create the SSL VPN tunnels between the sites, all terminating into this central location, giving better stability, security, data integrity and a much better user experience.
So, in essence, we are building the client an SD-WAN cloud solution.
Love my job. Love what I do.
Cheers for now.